ISO 27001, the information security management system.
Simultaneously with the revolutionary design of the new datacenter, the management of LCP decided to go for an objective qualification of its operational way of working. So there was a need for a follow-up system
- that was built on the same common-sense philosophy as the datacenter design itself,
- that provided a path for further growth and
- that was compatible with other recognized management systems (e.g. ISO 9000).
On the other hand, from a customer's point of view, the fundamental aspect of a datacenter is the protection of the information – its availability, confidentiality and integrity – on which they and their customers depend.
These requirements led us to the international standard ISO 27001: Information technology — Security Techniques — Information security management systems — Requirements. ISO 27001 sets out how an organization should approach its ISMS (Information Security Management System) project and specifies the components that are essential. Not only does this standard lay out the security risks, it also provides a list of controls and their implementation guidance. Another advantage of this management system is the PDCA approach that is incorporated. The PDCA cycle is the Plan-Do-Check-Act cycle, which was originated in the 1950s by W. Edwards Deming and which says that business processes should be treated as though they are in a continuous feedback loop, so that managers can identify and change those parts of the process that need improvement. The process, or an improvement to the process, should first be planned, then implemented and its performance measured; the measurements should then be checked against the planned specification, and any deviations or potential improvements identified and reported to management for a decision about what action to take.
To be able to control all this, an elaborate asset management system covering people, materials and documentation is indispensable. It will be supervised internally by the Chief Security Officer, who reports directly to the CEO.
To reassure our customers, we are partnering with the control organisation SGS, which will check the compliance of our ISMS with the requirements of ISO 27001.