As an extension of its existing information security management system, Intility has spent the last year working towards becoming ISO 27001 certified. The audit has now been completed and Intility has been awarded the certification. The scope of the certification covers all service deliveries from Intility, and supplements an already extensive audit reporting (ISAE 3402 type 2 for information security and ISAE 3000 type 2 for GDPR compliance).

Intility’s information security management system is implemented in accordance with the controls in ISO 27001 annex A. Of these controls, only “outsourced development” is scoped out.

The certification body Scandinavian Certification AS has conducted the certification audit.

What is ISO 27001?

ISO 27001 is an international standard for information security management systems (ISMS). The standard specifies the requirements for the establishment, implementation, maintenance and continual improvement of an ISMS. The aim of ISO 27001 is to protect information in a systematic way through a risk-based approach. The standard covers risk and performance management, management involvement, security measures and procedures for handling security incidents.

ISO 27001 also includes requirements for documentation, internal auditing and continuous improvement. This provides a structured approach to identifying, managing and mitigating risks related to information security, and helps ensure that organizations meet legal and regulatory requirements.