How can we help?
Searching in {{docApp.searchFilterBySpecificBookTitle}}
{{docApp.searchResultFilteredItems.length}} results for: {{docApp.currentResultsSearchText}}
in {{docApp.searchFilterBySpecificBookTitle}}
Search results have been limited. There are a total of {{docApp.searchResponse.totalResultsAvailable}} matches.
You have an odd number of " characters in your search terms - each one needs closing with a matching " character!
-
{{resultItem.title}}
{{resultItem.url}}
{{docApp.libraryHomeViewProduct.title || docApp.libraryHomeViewProduct.id}}
{{docApp.libraryHomeViewProduct.description}}
{{group.title || group.id}}
{{group.description}}
About ISO
- Article
- Thu Aug 31 2023
- 4 minutes to read
- 1 contributors
What is ISO
The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations. This group of experts over the last 50 years have created a set of ISO standards which are a series of frameworks that outline best practices and requirements against a number of key areas to ensure that, if adopted, an organization can run smoothly, securely, and provide customers with the knowledge that a company is doing it right. ISO certification is proof that the standards are being adhered to and embedded in the organization.
What is ISO27001
ISO 27001 (formally known as ISO/IEC 27001:2005 currently ISO/IEC 27001:2013) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes. Being IS0 27001 accredited means that we have proven to an external body that we comply with all regulations and requirements, therefore ensuring that security (both information and physical)/risk management, and other best practices are ingrained in everything we do through the processes we follow.
What is ISO27018
ISO 27018 is a specification for handling & securing Personal Identifiable Information in the Cloud. This goes side-by-side with ISO27001 & GDPR to ensure that we take all steps to secure your data, treat it with respect and guarantee that we will not use it for any purpose for which we don’t have specific consent. A successful external audit ensures that our policies & practices are correct and your data is safe with us.
Who is Responsible for Compliance
Ultimately, the CEO (As all processes must be approved and Supported by the board of directors), and all members of the cloud team are committed to maintaining our certification and take active roles in designing\implementing processes and controls. Other aspects of the business also play a vital role from HR to Development ensuring all processes are followed and information security\risk assessment is incorporated into every action performed.
How Often are we Audited
We are audited every 12 months and in order to stay certified we must not only show the documented processes but also how these are implemented in the business and show that all those affected by the process understand its requirements and adhere to its contents. We must also show that, where necessary checks and controls are in place to ensure that the process can not be circumvented. Our last audit certificate along with other accreditations are available via https://trust.hornbill.com/compliance/
What Processes are covered under ISO
The list is below, however processes are expanded to include additions not necessarily covered by ISO but that are either deemed important or best practice.
- ISO:Risk Management
- ISO:Information Security
- ISO:Management Systems
- ISO:Mobile Security
- ISO:HR Security
- ISO:Asset Management
- ISO:Information Classification & Handling
- ISO:Access Control
- ISO:Network Policy
- ISO:Cryptography Controls and Usage
- ISO:Physical and Environment Security
- ISO:Operations
- ISO:Communications
- ISO:Supplier Relationships and Procurement
- ISO:Incident Reporting\Handling and Management
- ISO:Change Reporting\Handling\Planning and Management
- ISO:Business Continuity and Disaster Recovery
- ISO:Compliance and Regulatory Requirements - Geographical
We have a document for each of the above (summary available via link), containing a summary of requirements, outlining the responsibilities for each department\individual, detailing any actions that must be performed in order to ensure the desired outcome is achieved, and listing any checks or controls that must be performed. All Documents are reviewed at least once every 12 months and made available to appropriate employees via Hornbill Document Manager. Every employee affected by one or more processes is provided training and tested to ensure they understand the process and its effects (Records of training are then available to the ISO certification team).
Other
The below links to sections\documents that are not covered by ISO, however, are important to the way Hornbill operates\plans and provides services. This includes policies, guiding theologies, or supporting documents that help show our commitment to security and your data.
- Data Security Commitment
- Application and Interface Security
- FAQ:Data_Centres#Datacenters_and_Facilitators
- Cyber Essentials
- Penetration Tests
- Environmental Policy
- Modern Slavery
- Corporate Responsibility
Capacity Management and Scalability
We have hardware available for our expected growth of Hornbill and this is reviewed\increased every 3 months with the purchasing of additional hypervisors\rack space as required. If required we can also create an instance or complete replica of the Hornbill infrastructure in AWS (Same as in our DR Plan) in record time meaning that capacity and scalability are never an issue. This scalability along with the underlying server code also removes all limitations for user increase as new servers can be added as demand increases.
- Version {{docApp.book.version}}
- Node {{docApp.node}} / {{docApp.build}}