Case Study: NSF-ISR Provides Full ISO/IEC 27001 Certification Remotely
ISO/IEC 27001 certification is critically important to differentiate organizations that have established additional information security processes and procedures to protect vital data. The data center needed to identify a certification body that understood the ISO/IEC 27001 certification process inside and out to allow for a thorough audit of controls. The team sought an integrity-based certification body with experienced information security auditors.
As an added challenge, the COVID-19 pandemic had caused a nationwide shutdown, social distancing requirements and a shift to remote work wherever possible. The data center needed to identify a certification body and complete the audit remotely while operating within approved COVID-19 workplace guidelines.
The Texas-based data center sought a certification body with a deep understanding of information security coupled with audit integrity. After a separate auditor referred the data center to Tony Giles, the team gravitated towards his information security background. NSF-ISR lead ISO/IEC 27001 auditors Tony Giles and Rhia Dancel provided information security expertise with a thorough agenda, allowing the data center to stay up and running while undergoing an in-depth audit. The well-planned audit enabled internal stakeholders to effectively schedule their days without the need to be on call throughout the entire audit.
“Throughout the various audit engagements, the NSF-ISR audit team was very forthright in outlining what areas we would cover during each audit stage,” said the Director of Information Security and Compliance at the Texas-based data center. “During the audits, the NSF-ISR team was very personable, professional and candid as to what met, didn’t meet and might need improvement - while maintaining objectivity and not offering solutions - after we addressed items in certain areas. The final reports of each stage were extraordinarily helpful as well as complimentary in areas they felt we excelled in! We have used these verbatim statements internally to help keep the ISO 27001 flame ignited with the various, contributing groups!”
The NSF-ISR team completed a thorough audit, leading to ISO/IEC 27001 certification. This certification indicates NSF-ISR’s ability to remotely verify an information security management system, marking our ability to mitigate risks for Fortune 500-level companies whose information is stored in data centers.
The Texas-based data center’s ISO/IEC 27001 certification increases its market opportunity with the ability to respond to requests for quotes (RFQs) and requests for information (RFIs) that require demonstrated adherence to information security practices. Looking forward, more organizations seeking data center services are likely to require an ISO/IEC 27001 certification.