ENVIRA has been certified in information security management (ISO 27001) since 2015.
What is ISO 27001?
The Standard UNE-ISO/IEC 27001 is a group of standards or protocols set by the International Organization for Standardization (ISO) to guarantee the security, integrity and availability of information in a company or organization.
ENVIRA has implemented ISO 27001 in our IT department since 2015 for efficient handling of resources and information, infrastructure and technological services, and mainly to achieve the highest levels of protection of the information. We have thus developed an ISMS.
What is an ISMS?
ISMS means “Information Security Management System”, which is the basis for ISO 27001. The ISMS implements and documents the steps for the systematization of the security of the information handled by Envira.
What kind of information do we protect?
Any data, on physical or digital media, that belongs to the company or to third parties and is valuable for the activity of Envira must be organised and registered to ensure its integrity, security and availability.
What must we protect the information against?
The standard ISO 27001 protects the keeping and integrity of the data available by creating, in the ISMS, protocols and solutions to possible risks such as: fires, floods, cyberattacks, improper deletion or loss of data, power cuts or any event that poses a threat.
How do we protect our information?
The development and implementation of an ISMS has meant the establishment of a security policy and objectives based on risk management and continuous improvement:
- Responsibilities: All the staff from the IT Department and the Head Management in Envira are committed to the policy, which is implemented and transmitted by means of a handbook.
- Understanding needs: Identifying the interested parties, employees of Envira, customers, suppliers of services and public administration.
- Determining the scope of the system: Identifying the assets to standardise and protect, both data and computer solutions such as hardware development or maintenance. This is achieved by identifying and assessing risks and measuring them in the ISMS.
- Actions to handle risks and opportunities: The IT department in Envira determines and provides the necessary resources for the ISMS establishment, implementation, maintenance and continuous improvement.
- Internal audit: The IT department in ENVIRA performs internal audits once a year to verify that the information security management system complies with the standard UNE ISO/IEC 27001:2014 and with other requirements established by Envira.
- Commitment: The Head Management in Envira is committed to providing the resources necessary for the ISMS and to ensuring its compliance, directing and supporting the staff and thus contributing to improving its effectiveness.
Who gives the ISO 27001 certification?
In the case of Envira, our certification body is “Bureau Veritas”, a trademark acknowledged by ENAC, the “Entidad Nacional de Acreditación” (National Accreditation Body), an impartial non-profit organisation authorised by the government of Spain to give accreditations within the European framework. Bureau Veritas has audited the IT department in Envira and given it the certification each year.
The reasons why ENVIRA has committed to complying with the standard ISO 27001 are:
- Creating a sense of safety in the market and the community by fostering the quality of products and services.
- Guaranteeing the confidentiality of the information.
- Reducing the costs of optimisation for the benefit of our clients.
- Optimisation and environmental respect, looking for the sustainability of our activities.