HID SAFE Is Now Certified to the ISO 27001 Security Standard
We’re delighted to announce that HID® SAFE™, our enterprise-class physical identity and access management (IAM) system, is now certified to the rigorous ISO 27001 international security standard. The family of 27000 ISO standards is designed to ensure organizations can protect and manage the security of vital assets, including:
- Financial information and accounts
- Intellectual property
- Personally identifiable information
- Network and application security
- Business continuity
- Supplier relationships
What Does It Mean to Be ISO 27001 Certified?
ISO 27001 is one of the most rigorous security standards in the world. The standard describes the management systems needed to bring information security under management control. It sets out guidelines, suggestions, and best practices that organizations and tools need to meet in order to pass the ISO 27001 certification process. Once something has achieved ISO 27001 certification, you can trust that it adheres to robust requirements for online and physical security.
In short, ISO 27001 is the best-known standard for providing requirements for an information security management system (ISMS). It does not state an organization has to carry out specific actions, but it does provide suggestions for process documents, auditing, improvements, and corrective and preventive actions.
What Is an Information Security Management System?
An information security management system (ISMS) provides a set of procedures, policies, and guidelines to properly manage an organization's sensitive data. The aim is to minimize risks by proactively limiting the likelihood and severity of a security breach.
An ISMS will normally cover:
- Employee behaviors and expectations
- Business processes that influence security provisions
- Data hygiene, privacy, and protection
- Technology: onsite, offsite, hardware, software, and integrations
An ISMS can be applied to specific types of data or tools, or across the organization as a whole.
What Security Controls and Domains Are Part of ISO 27001?
The ISO 27001 standard defines the following areas where organizations need to prove compliance:
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance with internal requirements, such as policies, and with external requirements, such as laws
What Is HID SAFE?
HID SAFE is a flexible, scalable, off-the-shelf software that enables organizations to manage identities across the IAM lifecycle. This includes:
- Advanced Access Manager
- Badge Manager
- Visitor Manager
- Security Reporter and Operational Analytics
HID SAFE Enterprise enables your physical security teams to centrally manage all types of physical identities within your organization, including automating policies related to access entitlements and badging.
How Did We Achieve ISO 27001 Certificate for HID SAFE?
Our ISO27001 certification comes after an extensive audit of HID SAFE’s Information Security Program. We used an independent auditing firm to validate the design and operational effectiveness of HID SAFE’s security management program.
The underlying ISMS implementation was assessed and examined to ensure it supported the functioning of the Information Security Program for HID SAFE. Our ISMS is a system we implemented through standardized security practices and processes, and sound technical controls including:
- Our IT infrastructure and integrated and associated systems
- Physical locations including HID offices and development centers
- HID SAFE’s software design and development practices including product design and development, engineering, and security
- Our security and risk management policies, procedures, and requirements
- Customer service management processes
What Does HID SAFE’s ISO 27001 Certification Mean for You?
Our adherence to ISO 27001 ensures the confidentiality, integrity, and availability of information that your organization controls and processes through our software, systems, and tools. It provides reassurance that we take all the necessary steps to protect your information. It also confirms that our Information Security Program complies with industry-leading security best practices, and reinforces our focus on keeping your data safe.
As Julian Lovelock, Vice President of HID SAFE says: “Security is at the very heart of HID SAFE. ISO 27001 certification demonstrates that our Information Security Program complies with international security best practices and shows our commitment to protecting HID SAFE customer data. As infrastructure transitions to the cloud, organizations need to be confident that data is secure. ISO 27001 certification is foundational to providing that confidence.”
Find out more about how HID SAFE can help your organization.
Get the latest blogs on identity and access management delivered straight to your inbox
Ian Lowe is Product Marketing Director for HID SAFE and is passionate about marketing all things related to Identity, Cybersecurity, IoT, Cloud and Digital transformation. In his 19-year career, Ian has become a recognized product marketing and sales enablement leader having created and launched successful cloud-based identity and security solutions that are used by top technology firms, financial services organizations and governments around the world today.