We take threats to the availability, integrity, and confidentiality of our client's information seriously. As such, we are pleased to announce that Bevy is an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization. We invested significantly in this effort and are proud of this accomplishment.
ISO/IEC 27001:2013 is an information security standard published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). Our certification was issued by A-lign, an independent and ANAB-accredited certification body based in the United States on successful completion of a formal audit process.
ISO/IEC 27001:2013 is meant to be usable for virtually any type of organization and requires active maintenance to ensure the ISMS remains relevant and fits the organizational context, as it changes over time.
Key features include:
- Active management involvement
- Risk management processes
- Continuous improvement
- Internal and external auditing
It is possible to have a ISO/IEC 27001 compliant ISMS without being certified. Of course, it lends a lot more assurance to undergo external auditing by an ANAB-accredited certification body to achieve independent certification of such compliance. The latter is the path we chose; surveillance audits in subsequent years will help assure our continued compliance with the standard.
Management of organizational security should not occur by accident. ISO/IEC 27001, describes a framework for an ISMS that (among other things) requires active leadership involvement. At Bevy security is part of the conversation, from top to bottom. We determined that ISO/IEC 27001 provides useful formalism appropriate for our organization and we subject ourselves to external auditing to ensure we continue to conform.
As a client, you should expect this.