ISO 27001 quality label

Flexmail has obtained the ISO 27001:2013 certificate, the worldwide standard for information security. It lets us show, in a simple, transparent and globally recognized way, that we offer the best guarantees on our information and data security.

 

What is an ISO 27001:2013 certificate?

The ISO 27001:2013 standard refers to an information security management system (ISMS) and specifies how you can manage security risks in a provable manner.

Advantages of ISO 27001

As a customer of Flexmail, you can rest assured: we take security management very seriously. This certification offers our customers the guarantee that there are sufficient security measures in place to protect data and information. It also has additional advantages:
 
  • You gain certainty about the quality of the security, thanks to an internationally recognised quality label
  • We perform systematic research on security risks and advise our customers on threats, vulnerabilities and their resulting impact
  • We immediately address risks that are viewed as unacceptable
  • We are subjected to external audits that closely examine all aspects of information security

 

Requirements for ISO 27001

This quality label results from an extensive external audit of our security management. The following areas were thoroughly reviewed:
 
  • Policy (Management)
  • Rules and regulations (Computer Crime Act, Personal Data Protection Act)
  • Organisational aspects (liability)
  • Capital assets (infrastructure, network, systems and other means of exploitation)
  • Personnel (house rules, mistakes, theft, fraud, abuse)
  • Physical aspects (locks, fire prevention)
  • Communication and operation (management of systems, processes and procedures)
  • Access control (password, biometrics)
  • System and software development and maintenance (documentation, processes)
  • Continuity (disaster recovery infrastructure)

When implementing an ISMS (Information Security Management System), the ISO 27001:2013 standard specifies that you need to determine a scope and a policy, conduct a risk analysis, select, implement and manage measures for the identified risks (allocate resources), and finally monitor and review all of the foregoing cyclically.