At the turn of the century, cybersecurity was much simpler than it is today. Most organizations had well-defined technical infrastructure implementations and, typically, data was stored on premises. Fast forward 20 years and the majority of computing occurs in public cloud infrastructure (e.g. Amazon Web Services, Digital Ocean, Google, Azure), most organizations utilize an extensive list of Software-as-a-Service applications (e.g. Salesforce, G Suite, Slack), and the ability to “work from anywhere” has led to a mass exodus from the safety and security of the corporate office. All of these things make ensuring the confidentiality, integrity, and availability of data much more challenging.
The business environment has changed dramatically as well. Today, many organizations require their vendors and service providers to meet or exceed the cybersecurity expectations they, and their regulators, have for themselves. Compliance with standards such as PCI, GDPR, CCPA, and SOX is now the norm whereas, 20 years ago, there were very few cybersecurity regulatory requirements, and adherence to industry standards and best practices was largely voluntary.
So, the question is: How does an organization implement and maintain an appropriate operational framework to demonstrate adherence to cybersecurity best practices? This is exactly the question we posed at Prime Trust. The answer? The ISO/IEC 27001:2013 Information Security Management standard.
From the ISO: “Using ISO/IEC 27001 standards enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.”
At Prime Trust, we viewed the implementation of an ISO/IEC 27001:2013 compliant Information Security Management System (ISMS) as a way to ensure that we had a framework which would help to future-proof our approach to cybersecurity so that we could ensure the security of our customers’, and their users’, information.
We now have a comprehensive ISMS and risk management program certified to ISO/IEC 27001:2013 that provides Prime Trust with a tried-and-true methodology for continual improvement and a framework that will scale with growth.
When evaluating infrastructure providers, adherence to security protocols and standards is a must-have, not a nice-to-have. With ISO/IEC 27001:2013, Prime Trust has a framework that allows us to not only operate safely and securely, but also to adapt easily to future regulatory requirements and changes.
The ISO/IEC 27001:2013 certification is a huge milestone, and the first of many to come as we continue to demonstrate our commitment to prioritizing the security of those within our ecosystem, including partners, customers and their users.