ISO 27001:2013 is one of the most well-known and internationally recognized information security standards and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This organizational certification, bestowed on INOC for successful completion of a formal audit process, is evidence that the organization has met rigorous international standards to ensure the confidentiality, integrity, and availability of the customer data, systems, and infrastructure our NOCs monitor and manage for our clients.
INOC achieved the ISO 27001 certification in 2015 and has diligently kept the certificate current since then. In doing so, we practice continual improvement of our ISMS (Information Security Management System). INOC has built a security team that covers staff roles in compliance, technical, and SOC operations to maintain the ISMS. INOC is required to be audited, internally and externally, on an annual basis. The internal audit, which a third-party firm conducts, is an ISO requirement and is designed to be a readiness audit for the annual external audit. The external audit is segmented into three-year audit cycles. After the first year of conducting a full certification audit, the next two years are dubbed surveillance audits that measure all 27001 (mandatory) controls and half of the 27002 Annex A controls. When the third year is reached, a full audit of all 27001/2 controls is required, and then the process repeats itself.
The INOC Security team completed another three-year audit cycle in 2020. In 2021, INOC launched a new three-year certificate renewal process. We completed an internal and external audit this spring. We will now be issued a new certificate that will take us until 2024. We will still be required to conduct surveillance audits in 2022 and 2023.
As a leader in the NOC services industry, INOC takes security very seriously. We set the goal of continuously improving our security standards, and we will continue with the audits every year to maintain this high standard. The ISO 27001:2013 certification provides our clients and their customers with peace of mind in knowing that their data and information are protected.
We often provide assistance in our clients' and partners' security audits for the NOC support we provide. Please contact me if you would like more information on how we can support you in maintaining security compliance.
Rick Smith, ISMS Manager