News

Krome achieves ISO 27001 certification

Krome adds ISO 27001 Information Security Standard to its Accreditations.

Following a comprehensive audit, Krome Technologies is delighted to have achieved ISO 27001 certification, the internationally recognised best practice framework for Information Security Management Systems, for its Managed Services and Technical Support.

ISO27001 certified

ISO 27001:2013 International Standard for Information Security Management Systems

Surrey-based Technology Consultancy Krome has been awarded the ISO 27001:2013 international standard for Information Security Management Systems, (ISMS) for its Managed Services and Technical Support Services. Demonstrating that it has met the rigorous international information security standards, and has the appropriate controls, policies, and systems in place to safe-guard its data.

The ISO 27001 standard, which is particularly relevant to the protection of critical information, takes a risk-based approach to information security. By achieving this standard, Krome has validated its commitment to ensuring that its Hosted Managed Services and Technical Support systems are sufficiently protected, whilst demonstrating that it has invested in its people and processes, and has the technological systems in place to efficiently protect its client’s data.

Krome’s Technical Director Ben Randall comments: “With an increasing demand for our managed “as-a-Service” solutions, it is vitality important that we demonstrably show our commitment to security, giving our clients the peace of mind that their data and systems are being managed in a fashion that is compliant to the highest security standard available.”

Achieving ISO 27001 Certification

To achieve ISO 27001 certification, an independent authorised body undertakes a thorough and comprehensive assessment of the Information Security Management System measures and procedures that are in place, evaluating and assessing each element against a defined list of controls. These include:

  • Information security policies
  • Organisation of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition and maintenance
  • Supplier relationships
  • Security Incident management
  • Business continuity management
  • Compliance

The ISO 27001 information security management standard lasts for a period of three years, with annual surveillance visits performed by an external auditor and compulsory internal audits to ensure that Krome remains compliant to the expected ISO standards. At the end of the three years, Krome will be required to complete a re-certification audit in order to retain the certification for a further 3 years.

Krome’s Compliance Officer Chris Swan explains: “By Achieving ISO 27001 Krome has invested in the industry-leading security compliance standard and by doing so demonstrating that we are committed to maintaining secure compliant systems, policies, processes and procedures to protect our customers and our data.”

Strengthening Krome’s certifications

The recent ISO 27001:2013 accreditation gained by Krome, reinforces their list of industry recognised certifications, which already includes ISO 9001:2015, the international standard for Quality Management Systems (QMS), gained for the supply, installation, configuration, and support of IT hardware and software, along with the government-endorsed Cyber Essential Plus accreditation.