Krome achieves ISO 27001 certification

13/07/2021

12th June 2024: Update

Krome achieves the ISO 27001:2022 Standard.

We are proud to announce that we have now achieved ISO 27001:2022 certification, having held the 2013 certification for the past 3 years. This transition underscores our commitment to maintaining the highest standards of information security. For our clients, this means enhanced protection of sensitive data, assurance of our continual improvement, and alignment with the latest security practices. Our updated certification demonstrates our proactive approach to emerging threats and our dedication to safeguarding client information with the most current and effective security measures.

ISO 27001:2013 and ISO 27001:2022 guide information security management systems (ISMS), but differ in key areas. The 2022 version offers flexible risk assessment methodologies and emphasises integrating information security with business processes. It updates Annex A to address modern technologies and emerging threats, like cloud and supply chain security. Additionally, ISO 27001:2022 enhances guidance on performance evaluation and continual improvement, making it more adaptable and comprehensive for current security challenges.

13th July 2021

Krome adds ISO 27001 Information Security Standard to its Accreditations.

Following a comprehensive audit, Krome Technologies is delighted to have achieved ISO 27001 certification, the internationally recognised best practice framework for Information Security Management Systems, for its Managed Services and Technical Support.

ISO 27001:2013 International Standard for Information Security Management Systems

Surrey-based Technology Consultancy Krome has been awarded the ISO 27001:2013 international standard for Information Security Management Systems (ISMS) for its Managed Services and Technical Support Services, demonstrating that it has met the rigorous international information security standards and has the appropriate controls, policies, and systems in place to safeguard its data.

The ISO 27001 standard, which is particularly relevant to the protection of critical information, takes a risk-based approach to information security. By achieving this standard, Krome has validated its commitment to ensuring that its Hosted Managed Services and Technical Support systems are sufficiently protected, whilst demonstrating that it has invested in its people and processes, and has the technological systems in place to efficiently protect its clients’ data.

Krome’s Technical Director Ben Randall comments: “With an increasing demand for our managed ‘as-a-Service’ solutions, it is vitally important that we demonstrably show our commitment to security, giving our clients the peace of mind that their data and systems are being managed in a fashion that is compliant to the highest security standard available.”

Achieving ISO 27001 Certification

To achieve ISO 27001 certification, an independent authorised body undertakes a thorough and comprehensive assessment of the Information Security Management System measures and procedures that are in place, evaluating and assessing each element against a defined list of controls. These include:

  • Information security policies
  • Organisation of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition and maintenance
  • Supplier relationships
  • Security incident management
  • Business continuity management
  • Compliance

ISO 27001 certification is valid for a period of three years, with annual surveillance visits performed by an external auditor and compulsory internal audits to ensure that Krome remains compliant with the expected ISO standards. At the end of the three years, Krome will be required to complete a re-certification audit in order to retain the certification for a further 3 years.

Krome’s Compliance Officer Chris Swan explains: “By achieving ISO 27001, Krome has invested in the industry-leading security compliance standard and by doing so is demonstrating that we are committed to maintaining secure, compliant systems, policies, processes and procedures to protect our customers and our data.”

Strengthening Krome’s certifications

The recent ISO 27001:2022 accreditation gained by Krome reinforces its list of industry-recognised certifications, which already includes ISO 9001:2015, the international standard for Quality Management Systems (QMS), gained for the supply, installation, configuration, and support of IT hardware and software, along with the government-endorsed Cyber Essentials Plus accreditation.

Want to know more?

Contact us today to explore how our tailored solutions can align with your business priorities.
