DataBank announced the company has achieved ISO/IEC 27001:2022 certification. The world-renowned standard defines the requirements that information security management systems must meet and provides guidance for establishing, implementing, maintaining, and continually improving systems to manage information security.
DataBank received certification from ISO—the International Organization for Standardization—for internal corporate IT systems as well as nearly all DataBank colocation data centers in the U.S., which host IT infrastructures for customers across the globe. Conformity signifies DataBank has deployed policies and procedures to manage risks related to the security of data handled by the company, and the DataBank security management systems follow all the best practices and principles of the ISO/IEC 27001:2022 standard.
“As part of the certification requirements, we proved our employees know how to access the policies and understand their roles in enforcing the policies,” added Calli Schlientz, the Director of Compliance for DataBank. “We demonstrated our internal teams know exactly what to do if an IT system is at risk or if a disaster strikes a data center—including those who are onsite where an event occurs and the remote backup personnel who mitigate the issue.”
In addition to certifying the DataBank information security management systems, ISO validated that DataBank has implemented processes to log and track system events month over month, quarter over quarter, and year over year. Besides policies and procedures, ISO auditors evaluate technical components, including leased space, redundant power, climate control (HVAC), maintenance, general support functions, physical security (including external and internal access), and Internet point of presence and the security controls in accordance with the Statement of Applicability (SOA).
Through interviews with the compliance, network, security, and engineering teams, ISO assessors confirmed DataBank knows how to protect information. The assessors also reviewed security budgeting and human resource processes to verify that information security is part of the DataBank hiring strategy and that DataBank appropriately staffs data centers with sufficient resources and expertise to handle IT risks.
“ISO thoroughly assesses both the technical and the personnel components of our security management systems and how we maintain security during various user activities, such as communicating with customers and accessing the network,” said Schlientz. “ISO/IEC 27001:2022 also complements the SOC 2 standards we comply with. Where ISO is prescriptive in setting up systems to manage IT risks (establishing the Information Security Management System or ISMS), SOC 2 requires us to produce evidence that proves our security systems are designed and operating effectively based on a set of criteria developed and audited by AICPA.”
Following this initial ISO/IEC 27001:2022 certification, DataBank will conduct internal audits regularly to maintain compliance, and ISO assessors will perform maintenance assessments annually, completing a full recertification every three years. The certification also facilitates the process for DataBank customers seeking to achieve ISO certification for the data they store at the data centers. Customers can inherit the certification components pertaining to the physical environment of the colocation facilities.