One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 497784 |
| Date de publication | 2018-03-06 14:00:00 (vue: 2018-03-06 14:00:00) |
| Titre | AlienVault USM Anywhere ISMS is Now Certified to ISO 27001:2013 |
| Texte |
I’m pleased to announce that AlienVault’s USM Anywhere Information Security Management System (ISMS) is certified to ISO 27001:2013 by an accredited certification body. This certification underscores our commitment to providing effective threat detection and rapid incident response capabilities in a secure cloud environment.
Our certification process was led by Coalfire ISO, Inc., an ISO/IEC 27001 Certification Body accredited by the ANSI-ASQ National Accreditation Board (ANAB). The scope of this certification includes the following: the development and implementation of a rigorous security program, which includes the development and implementation of an ISMS for the AlienVault Unified Security Management® (USM) product offering, which includes USM Anywhere™ and USM Central™.
About ISO/IEC 27001:2013
The ISO/IEC 27001 family of standards define a global standard for information security management. These standards outline the best practices and security controls required for a strong information security program, one that protects sensitive company information. The standards are comprehensive, spanning the people, processes, and IT systems involved in an organization’s security program.
The sensitive information covered in ISO 27001 includes any data entrusted by third parties. For a SaaS security provider like AlienVault, this means that, in order for USM Anywhere to be compliant with ISO 27001:2013, we had to demonstrate how we secure, transmit, and store data on behalf of our customers. Having this certification gives our customers extra assurance that we are securely handling their sensitive security-related data.
Like our compliance certifications for PCI DSS, SOC 2 Type 2, and an attestation of HIPAA compliance, our successful completion of a third-party audit and compliance certification for ISO 27001:2013 tells our customers that we are doing exactly what we say we are doing—that we maintain robust security controls to continually support and protect your data as well as our own.
We’ve Been Drinking Our Own Champagne Again
Last year, when AlienVault achieved compliance certifications and attestations for PCI DSS, SOC 2, and HIPAA, I described how we used the AlienVault USM Anywhere service in house to demonstrate our compliance. We did the same for our ISO 27001:2013 certification. While it’s not mandated that a security solution provider use its own product for its internal security and compliance programs, I do think it is important that you “drink your own champagne,” (or, as I noted in the previous blog, “eat your own dog food.”)
With the USM Anywhere service offering, our compliance officer was able to readily walk auditors through many of the key security controls outlined in ISO 27001:2013. Because the platform has many out-of-the-box compliance features, including pre-built reports and custom data views, it makes it simple and fast to navigate an audit process.
For customers on their own compliance path for ISO 27001:2013 certification, AlienVault USM can help to cut through the complexity and uncertainty of the audit.
How ISO 27001:2013 Sets the Stage for the GDPR
At AlienVault, we haven’t been shy about the fast-approaching deadline (May 25, 2018) for the EU General Data Protection Regulation (GDPR). |
| Envoyé | Oui |
| Condensat | “drink “eat 2018 27001 27001:2013 able about accreditation accredited achieved again alienvault alienvault’s anab announce ansi any anywhere anywhere™ approaching are asq assess assurance attestation attestations audit auditors because been behalf best blog board body box built can capabilities central™ certification certifications certified champagne cloud coalfire commitment company completion complexity compliance compliant comprehensive continually controls covered creating custom customers cut data deadline define demonstrate described detection development did dog doing doing—that drinking drive dss effective entrusted environment established evidence exactly extra family fast faster features following following: food free gave gdpr general gives global goals great had handling has haven’t having help here hipaa house how i’m identified implementation important inc incident included includes including information internal involved isms isms for iso iso/iec it’s its key last led like maintain makes management management® mandated many may means meet national navigate need not noted now offering officer official one order organization’s organizations out outline outlined own parties party path pci people platform pleased point practices pre previous process processes product program programs protect protection protects provide provider providing rapid readily readiness recent regulation related reports required response rigorous robust saas same say scope secure securely security see sensitive service set sets short shy simple soc solution spanning stage standard standards starting store strong successful support system systems tells test these think third threat through today transmit trial type uncertainty underscores unified use used usm views walk watch way we’ve webcast well what when which year your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.