The Truth about Information Security Certification

In today’s digital environment, a commitment to risk management and mitigation is particularly important. You can’t be too careful when it comes to trusting a business with securely managing your information. Protecting your commercially sensitive customer and personal information is critical.

The CEO of global standards organisation BSI, Howard Kerr, advised that Australian certification for ISO 27001 has now grown to an estimated 450 certificates, which is still relatively small.

ISO certification is more than a compliance exercise. The ISO/IEC 27001 Information Security standard is an internationally recognised best practice model that provides a systematic approach for mitigating security risks by ensuring the correct people, processes and technical controls are in place to counter specific cyber threats. Companies that comply with ISO/IEC 27001 have demonstrated that they identify security risks, use processes to manage the identified security risks and proactively address issues before a breach occurs.

Many businesses today claim they are secure by leveraging existing cloud provider certifications and stating that their cloud services are covered under ISO/IEC 27001 certification; unfortunately this is simply not the case. An ISO 27001 certification requires demonstrated adherence to security best practices for information systems under their control.  This independent certification goes well beyond certification of the cloud environment. It’s crucial to request independent security certification of an information system that runs on cloud infrastructure. Failing to do so increases the likelihood of a compromise of information assets, systems and people and potentially exposes organisations to data breaches.

The Citadel Group is a leading Australian software and services company which is ISO/IEC 27001 certified for their secure cloud based Citadel-IX solution, which is crucial to Citadel’s purpose of ‘Keeping People and Information Safe’.

Citadel works closely with the most secure Australian government departments and businesses to provide information management solutions that solve their unique challenges. Many of their clients are facing information management challenges such as increased data holdings, requirements to deliver services more efficiently and combating the ever evolving cyber threats targeting their most sensitive information and critical systems.

Citadel-IX is the only fully (end-to-end) ISO27001 certified Content Manager Cloud Solution in Australia. Citadel-IX provides the flexibility, scalability and security that makes a real difference to businesses faced with the challenge of secure enterprise information management. Citadel-IX was purpose-built to meet the needs of Citadel’s extended client base across Australia.

Brent Kuhl2

Brent Kuhl, General Manager Solutions

Brent has over 15 years’ experience in technical delivery and is responsible for Citadel’s product development and ICT operations. Brent has extensive management experience managing large development teams and delivering innovative products to consumers, government and enterprise.