HID SAFE Is Now Certified to the ISO 27001 Security Standard
We’re delighted to announce that HID® SAFE™, our enterprise-class physical identity and access management (IAM) system, is now certified to the rigorous ISO 27001 international security standard. The family of 27000 ISO standards is designed to ensure organizations can protect and manage the security of vital assets, including:
- Financial information and accounts
- Intellectual property
- Personally identifiable information
- Network and application security
- Business continuity
- Supplier relationships
What Does It Mean to Be ISO 27001 Certified?
ISO 27001 is one of the most rigorous security standards in the world. The standard describes the management systems needed to bring information security under management control. It sets out guidelines, suggestions, and best practices that organizations and tools need to meet in order to pass the ISO 27001 certification process. Once something has achieved ISO 27001 certification, you can trust that it adheres to robust requirements for online and physical security. In short, ISO 27001 is the best-known standard for providing requirements for an information security management system (ISMS). It does not state an organization has to carry out specific actions, but it does provide suggestions for process documents, auditing, improvements, and corrective and preventive actions.
What Is an Information Security Management System?
An information security management system (ISMS) provides a set of procedures, policies, and guidelines to properly manage an organization's sensitive data. The aim is to minimize risks by proactively limiting the likelihood and severity of a security breach. An ISMS will normally cover:
- Employee behaviors and expectations
- Business processes that influence security provisions
- Data hygiene, privacy, and protection
- Technology: onsite, offsite, hardware, software, and integrations
What Security Controls and Domains Are Part of ISO 27001?
The ISO 27001 standard defines the following areas where organizations need to prove compliance:
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance with internal requirements, such as policies, and with external requirements, such as laws
What Is HID SAFE?
HID SAFE is a flexible, scalable, off-the-shelf software that enables organizations to manage identities across the IAM lifecycle. This includes:
- Advanced Access Manager
- Badge Manager
- Visitor Manager
- Security Reporter and Operational Analytics
How Did We Achieve ISO 27001 Certification for HID SAFE?
Our ISO 27001 certification comes after an extensive audit of HID SAFE’s Information Security Program. We used an independent auditing firm to validate the design and operational effectiveness of HID SAFE’s security management program. The underlying ISMS implementation was assessed and examined to ensure it supported the functioning of the Information Security Program for HID SAFE. Our ISMS is a system we implemented through standardized security practices and processes, and sound technical controls including:
- Our IT infrastructure and integrated and associated systems
- Physical locations including HID offices and development centers
- HID SAFE’s software design and development practices including product design and development, engineering, and security
- Our security and risk management policies, procedures, and requirements
- Customer service management processes