In January 2010, SPEVACEK translation services implemented the ISO/IEC 27001 Security Management System to ensure maximum security of client data.
ISO/IEC 27001 describes the formal aspects of a management system aimed at controlling information security. Its formal nature means that the standard defines specific requirements. Organizations that adopt ISO/IEC 27001 are considered formally audited and certified as compliant with the standard.
Under ISO/IEC 27001, management must meet the following requirements:
- Systematic review of the organization’s information security risks in view of threats, vulnerabilities, and impacts;
- Design and implementation of a coherent and comprehensive suite of information security controls and/or other forms of risk management (such as risk avoidance or risk transfer) to address risks that are deemed unacceptable; and
- Adoption of an overarching management process to ensure that information security management continues to meet the organization’s information security needs on an ongoing basis.