Tectrans are ISO 27001:2022 Certified
Tectrans are fully certified to the ISO 27001 Information Security Management standard. We have always taken great efforts to keep customer information and documentation as secure and private as possible, and we decided to follow the ISO 27001 standard to enforce this and make it as rigorous as possible.
ISO 27001 is a worldwide, well recognised standard for managing information security within a business. It has a combination of prescribed control measures which any business will have to put in place if they claim to be following it, and a series of processes for continuing improvement and self-generation of improved measures and practices.
The ISO 27001 standard has recently been updated to the “2022” version. This updated version more closely aligns to the requirements of the modern information environment, such as cloud-computing and the GDPR/Data-Protection-Act regulations.
Broadly speaking, the measures required by the standard fall into 3 main categories:
Physical Security – access and door controls, processes for who can enter or access the building, screen locking policies, clear desk policies, CCTV, intruder alarms, access control to servers and data storage, etc.
Technical Security – encryption in transit and at rest, password policies, network access control, authentication mechanisms, penetration testing, etc.
Process Security – contractual and confidentiality relationships with suppliers, training programs for all relevant staff, information security policies, data retention and backup policies, etc.
This gives the following benefits to both Tectrans and to our customers:
- Tectrans are required to identify and assess information security risks, implement appropriate controls and establish processes for incident response. This safeguards your data and reduces the risk of unauthorised access, loss, or disclosure.
- Implementing measures to prevent and respond to incidents will minimise the disruption to our business and your projects.
- It provides assurance that your data is handled in a secure and professional manner.
- It provides confidence that your data is protected from security breaches and cyber threats.
- It ensures compliance with laws such as GDPR.