- Company: Cape Town, South Africa based software company with 98 employees.
- Specialty: Specialized software platform for helping healthcare insurance carriers identify payment errors and other discrepancies.
- Requirement: ISO 27001 was a strict requirement for doing business with the four largest insurance carriers in South Africa. Additionally, the organization was required to add ISO/IEC 27701 as an extension within their ISO/IEC 27001 certification. This required establishing a Privacy Information Management System (PIMS).
- What We Provided: Successfully performed a gap assessment, developed all required security and operational policies and procedures, developed a customized continuous monitoring program.
- End Result: Four months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommend to them.
Customer Testimonial: “Excellent choice in guiding our organization through the ISO/IEC 27001 journey.”
ISO/IEC 27002:2022 | 5.9 - Inventory of Information and Other Associated Assets
Per ISO/IEC 27002:20222 | 5.9 - Information Security in Project Management, “The organization should identify its information and other associated assets and determine their importance in terms of information security. Documentation should be maintained in dedicated or existing inventories as appropriate.”
ISO/IEC 27002:2022 | 5.12 - 5.13 - Classification & Labelling of Information
Per ISO/IEC 27002:20222 | 5.12 - Classification of Information, “Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. Additionally, per ISO/IEC 27002:2022 - Labelling of Information, “An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization.”
ISO/IEC 27002:2022 | 5.10 - Acceptable Use of Information | Email Usage Policy
Per ISO/IEC 27002:20222 | 5.10 - Acceptable Use of Information and Other Associated Assets “Personnel and external party users using or having access to the organization’s information and other associated assets should be made aware of the information security requirements for protecting and handling the organization’s information and other associated assets.”
ISO/IEC 27002:2022 | 5.11 - Return of Assets Policy
Per ISO/IEC 27002:20222 | 5.11 - Return of Assets, “Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement.”
