Announcing ISO 27001 Certification

Posted by: Ian Lowe, Product Marketing Director of HID SAFE in IAM Solutions

JUNE 2020

HID Visitor Manager, our unified digital and physical identity and access management (PIAM) cloud platform, is certified to the rigorous ISO 27001 international security standard. The ISO 27000 family of standards is designed to ensure organizations can protect and manage the security of vital assets, including:

  • Financial information and accounts

  • Intellectual property

  • Personally identifiable information

  • Network and application security

  • Business continuity

  • Supplier relationships

What Does It Mean to Be ISO 27001 Certified?

ISO 27001 is one of the most rigorous security standards in the world. The standard describes the management systems needed to bring information security under management control. It sets out guidelines, suggestions, and best practices that organizations and tools need to meet in order to pass the ISO 27001 certification process. Once something has achieved ISO 27001 certification, you can trust that it adheres to robust requirements for online and physical security.

In short, ISO 27001 is the best-known standard for providing requirements for an information security management system (ISMS). It does not state an organization has to carry out specific actions, but it does provide suggestions for process documents, auditing, improvements, and corrective and preventive actions.

What Is an Information Security Management System?

An Information Security Management System (ISMS) provides a set of procedures, policies, and guidelines to properly manage an organization's sensitive data. The aim is to minimize risks by proactively limiting the likelihood and severity of a security breach.

An ISMS will normally cover:

  • Employee behaviours and expectations

  • Business processes that influence security provisions

  • Data hygiene, privacy, and protection

  • Technology: onsite, offsite, hardware, software, and integrations

An ISMS can be applied to specific types of data or tools, or across the organization as a whole.

What Security Controls and Domains Are Part of ISO 27001?

The ISO 27001 standard defines the following areas where organizations need to prove compliance:

  • Information security policies

  • Organization of information security

  • Human resource security

  • Asset management

  • Access control

  • Cryptography

  • Physical and environmental security

  • Operations security

  • Communications security

  • System acquisition, development, and maintenance

  • Supplier relationships

  • Information security incident management

  • Information security aspects of business continuity management

  • Compliance with internal requirements, such as policies, and with external requirements, such as laws

What Is HID Visitor Manager?

HID Visitor Manager is a cloud-based platform that protects and provides a safe workplace with enterprise-grade physical identity and access management.

HID Visitor Manager helps both your IT and physical security teams to centrally manage all types of cyber and physical access identities within your organization, including automating on-boarding and off-boarding workflows, and unifying policies related to access entitlements and badging.

How Did We Achieve ISO 27001 Certification for HID Visitor Manager?

Our ISO 27001 certification comes after an extensive audit of HID Visitor Manager's Information Security Program. We used an independent auditing firm to validate the design and operational effectiveness of HID Visitor Manager's security management program.

The underlying ISMS implementation was assessed and examined to ensure it supported the functioning of the Information Security Program for HID Visitor Manager. Our ISMS is a system we implemented through standardized security practices and processes, and sound technical controls including:

  • Our IT infrastructure and integrated and associated systems

  • Physical locations including HID offices and development centers

  • HID Visitor Manager's software design and development practices including product design and development, engineering, and security

  • Our security and risk management policies, procedures, and requirements

  • Customer service management processes

What Does HID Visitor Manager’s ISO 27001 Certification Mean for You?

Our adherence to ISO 27001 ensures the confidentiality, integrity, and availability of information that your organization controls and processes through our software, systems, and tools. It provides reassurance that we take all the necessary steps to protect your information. It also confirms that our Information Security Program complies with industry-leading security best practices, and reinforces our focus on keeping your data safe.