Protecting the integrity of customer data and ensuring its reliability has always been in our DNA. In the constantly changing landscape of cyber threats, organizations need a robust set of processes and specialized individuals to ensure that new risks are monitored, and systems are adapted accordingly.
To that end, we are proud to announce that Marketing Systems Group recently achieved ISO 27001 certifications. ISO 27001 is an international standard that details requirements for establishing, maintaining, and updating an information security management system (ISMS).
This standard requires systematic examination of information security risks, design and implementation of controls and risk treatments, as well as adoption of a management process to continuously meet ongoing security needs.
How Do We Implement This?
As we see it, information security has two parts that must be executed in tandem:
- Implementing information protection
- Monitoring the implementation and improving as new threats surface
Implementing security controls around information is a lot like measures we take to physically secure our home and family.
You Would Do the Following:
- You would look for a home in a nice neighborhood.
- You would keep an eye on and control your visitors and what they do in your home. In essence, who plays in the sandbox with your kids and what do they play?
- You would install a home monitoring system so that you are made aware of any threats.
- You would educate yourself and your kids on staying safe, communicating their activities, and setting rules on what is allowed and what is not.
- You would create a “Plan B” that will allow you to find a safe way out in case of an emergency.
We follow a similar model when it comes to protecting information:
- A nice neighborhood – We ensure that our data resides in data centers that have proper security controls in place.
- Who plays in the sandbox – We ensure that all vendors and partners, specifically the ones who deal with our data, have similar controls in place by conducting risk analysis with them at regular intervals. We also ensure that proper access controls are in place.
- Monitoring – All our environments are monitored 24/7 and we have dedicated and trained staff in charge of security and threat monitoring.
- Continuous education – We provide continuous training to all our staff members on information security and risks. We also conduct simulated threat assessments to understand the preparedness of our staff members.
- Plan B – We develop disaster and business continuity plans that account for how we would recover and communicate with stakeholders to get back on our feet to continue providing services to our customers.
4 Steps for Continuous Improvement (PDCA):
- Plan – As part of our operating procedure, we review problems retrospectively and collect useful information to evaluate security risk and root cause. We then define policies and procedures that can be used to address root causes of problems. Next, we develop methods to establish continuous improvements to information security management capabilities.
- Do – We implement the developed security policies and procedures based on best practices.
- Check – We monitor effectiveness of ISMS policies and controls and evaluate tangible outcomes as well as behavioral aspects associated with the ISM processes.
- Act – We continuously improve by means of documenting results, sharing knowledge, and using feedback loops to address future iterations of the PDCA model implementation of policies and controls.
Certified, Authorized, and Compliant
SOC 2 Type II Certification – Our cloud data centers are SOC 2 Type II certified for the trust principles of Security, Availability, and Confidentiality.
ISO 27001 Certifications – Marketing Systems Group achieved ISO 27001 certifications. For more information about ISO 27001, check out the ISO website.
All certificates and reports can be provided upon request.