ISO 27001:2013 certification pertains to the Information Security of Resilinc's in-house data, customer and supplier data collection, storage, IT management, IT infrastructure management and sharing processes. Specifically, the company operates an Information Security Management System which complies with the requirements for ISO 27001:2013 for the following scope: The information security management system is applicable to development and Operation of Supply Chain Risk Management Solutions, Physical Security, Admin, Facilities, Human Resources and Information Technology.

It is essential for Resilinc customers and suppliers that participate in the company’s global supply chain risk management network that they have complete confidence in the processes by which their sensitive financial and operational data is used and shared.

About ISO 27001:2013 certification

ISO 27001:2013 is the most widely recognized Information Security Management System and standard. It can be used in industries of any size, anywhere in the world. Registration to ISO 27001 (or other ISO 27000 standards) provides objective proof that a business has implemented an effective Information Security management system, and that it satisfies all of the requirements of the applicable standard. An external, impartial expert called a registrar or CB (Certification Body) conducts an on-site audit to determine whether or not a company is in conformance to the standard. For any query related to certification please drop an email to support@resilinc.com.

Criteria to Achieve ISO 27001:2013  ISMS  Certification

  • The organization has clear ideas about their objectives
  • The organization must be prepared to incorporate an Information Security management system into every area of business
  • All staff must be aware of what is expected of them and where their areas of responsibility lie, in order to achieve ISO 27001 Certification
  • A documented Information Security management system is required, together with the policies and procedures required by ISO 27001
  • The organization should be aware of their Information Security requirements and that those need to be recorded, met, and continually exceeded to ensure Information Security
  • The organization must establish a system for management of Information Security which includes and is not limited to human resources, infrastructure, and work environment
  • The organization must adopt effective method to measure, analyze, and improve their Information Security processes
  • Top level management of the organization must demonstrate their ownership towards implementation of ISMS by establishing an Information Security policy, Information Security and organizational objectives, as well as monitoring, measurement, and continual improvement of Information Security.

Key Benefit Categories of ISO 27001:2013 ISMS  Implementation

  • Process approach
  • Framework for ensuring Information Security and continual improvement of Information Security measures
  • Planned assessment for Information Security Assessment review
  • Process control
  • Measurement, analysis, and improvement
  • Delivery planning and execution
  • Training processes and assessment
  • Document control

Benefits of ISMS Implementation to Resilinc & External Stakeholders

 

Resilinc

  • Provides senior management with an efficient Information Security management process
  • Sets out areas of responsibility across the organization
  • Communicates a positive message and confidence about Information Security to staff and customers/suppliers
  • Identifies and encourages more efficient Information Security processes
  • Highlights deficiencies in Information Security
  • Provides continuous assessment and improvement in Information Security
  • Affords enhanced marketing opportunities

Customers

  • Ensure Information Security of all Data, and Supplier information shared with Resilinc
  • Negligible or Zero Information Security leakage complaints
  • Independent audit demonstrates commitment to Information Security

ISO Objectives for Which Resilinc has complied with for this certification

  • Information Security
  • Leadership
  • Involvement of people
  • Process and systematic approach
  • Timely audits every year
  • Ensuring gaining Confidence in Customer and Supplier relationships

Resilinc Process Changes Implemented to Achieve ISO 27001 Certification

 

Process Documentation

  • Ensured development and deployment of ISMS policy and relevant processes
  • Ensured that all standard processes have SOPs
  • Ensured that process flow diagrams are available for each of the standard processes
  • Established that standard forms and templates are available on a shared repository

 

Training and Assessment

  • Developed standard ISMS training plans and ensured that assessment records are available and maintained for each team
  • All new joinee’s also undergo this training when they join
  • Implemented effectiveness monitoring based on assessment results and made remediation testing available when needed

Document Control

  • Implemented processes to ensure that all changes to SOPs (amendments/updates) are communicated to all team members
  • Established a mandatory requirement that all changes to standard documents are subject to ‘Document Change Request’ for both control purposes and to ensure that the most current/updated version is being used

Continuous Improvement

  • All policies and processes will be reviewed on periodic basis to ensure relevance and offer possibilities of improvement in Information Security.