There are many factors to consider when choosing a certificate authority (CA), but one of those is how they offer and maintain best-practice security methods. One criteria to consider is the ISO standards that they hold. In this article, we’ll look at four ISO Standards, what they mean and how they can guarantee a CA has implemented the best-practice security methods in the IT industry.
What are ISO standards?
ISO’s standards are internationally agreed upon by experts and can be thought of as a formula that describes the best way of doing something to provide organizations the knowledge to make excellence a habit and inspiring trust.
ISO standards cover everything from road safety and toy safety to secure medical packaging to reduce product failures, helping to make the world a safer place.
1. ISO/IEC 27001:2013 Information Security Management System (ISMS)
What is the ISO/IEC 27001 Information Security Management System (ISMS)?
This internationally recognized standard helps organizations manage and protect their information assets through a framework, so that they remain safe and secure. It enables businesses to continually review and refine the way this is done within the company to build a resilience.
Why should I look for this in a CA?
The ISO/IEC 27001:2013 certification is evidence that the CA has met rigorous international standards in ensuring confidentiality, integrity, and availability of resources and data entrusted to the certificate authorities care.
2. ISO 22301:2019 Business Continuity Management System
What is the ISO 22301 Business Continuity Management System?
ISO 22301 is the international standard for business continuity management system. It is designed to keep businesses operational during the most challenging and unexpected circumstances, such as natural disasters, IT failures, supply chain disruptions, government interventions, or other threats.
Why should I look for this in a CA?
This standard shows that the CA has taken steps to implement process to provide continuity across all operations during disruptive events providing a high level of assurance for customers.
3. ISO/IEC 27701:2019 Privacy Information Management System (PIMS)
What is the ISO/IEC 27701 Privacy Information Management System (PIMS)?
The ISO/IEC 27701 is an international system standard and provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world. It is an extension of ISO/IEC 27001 Information Security Management.
Why should I look for this in a CA?
If a CA has this standard coupled with an Information Security Management System (ISMS) it demonstrates highly effective privacy data management.
4. ISO/IEC 27017:2015 Security Controls for Cloud Services
What is ISO/IEC 27017 Security Controls for Cloud Services?
This standard is used with ISO/IEC 27001 series of standards, to provide enhanced controls for cloud service providers and customers. Through a number of cloud controls and by clarifying both party’s roles and responsibilities, the ISO/IEC 27017 can help make cloud services as safe and secure as the rest of the data included in a certified information security management system.
Why should I look for this in a CA?
The standard enables an internationally standardized framework to help reduce the risk of data breaches and build customer trust by showing the CA’s commitment to information security. The standard also provides expert guidance to customers who utilize our cloud-based services.
Which ISO Standards Does GlobalSign Hold?
GlobalSign is the only certificate authority in the world to have achieved certification in all four of the ISO standards mentioned in this article. We have retained ISO 27001 (ISMS) and ISO 22301 (BCMS) and recently announced that we added ISO 27017 (Security Controls for Cloud Services) and ISO 27701 (PIMS).
With this combination of certifications, customers can be confident that GlobalSign’s products, solutions and services are safe, reliable and trustworthy. As a trusted CA, we are dedicated to implementing benchmark best practices and are willing to do what it takes to guarantee quality results.
