Esoteric, the specialist global counterespionage and technical surveillance countermeasures (ie electronic bug sweeping) business, has announced that, in the wake of a rigorous evaluation of its information security processes, the company has now been granted the prestigious ISO 27001 certification by the British Standards Institution (BSI).
Accreditation demonstrates Esoteric’s commitment to information security, both in terms of its own internal data and that of its clients and partner organisations who entrust the Surrey-based business with their valuable and sensitive information.
Compliance with the International Organisation for Standardisation’s (ISO) strict requirements highlights a commitment from Esoteric to adopt Best Practice and provides both clients and partners with reassurances in respect of the handling and protection of their information.
“We place the very highest priority on information security,” stated Peter Gregg, operations and compliance manager at Esoteric. “The ISO 27001 certification demonstrates our commitment to continual improvement and, importantly, confirms that our policies and practices comply with the most stringent standards.”
Information Security Management Systems
ISO/IEC 27001 (Information Technology — Security Techniques — Information Security Management Systems — Requirements) is the internationally recognised Best Practice standard for Information Security Management Systems (ISMS). The ISMS framework of policies and procedures includes the legal, physical and technical controls involved in information risk management and covers people, processes and technology.
The 2013 version of the standard (ie the most recent iteration) places more emphasis on measuring and evaluating how well an organisation’s ISMS is performing. Building on the 2005 version, there’s now a section on outsourcing, which directly reflects the fact that many organisations rely on third parties to provide some aspects of IT. However, it doesn’t emphasise the Plan-Do-Check-Act cycle outlined by ISO 27001:2005. More attention is paid to the organisational context of information security.
Overall, ISO 27001:2013 is designed to fit better alongside other management standards such as ISO 9000 and ISO/IEC 20000 (the latter covers IT service management) and certainly has more in common with them.
“We recognise that information is one of a company’s most valuable assets,” remarked Emma Shaw CSyP, managing director at Esoteric. “Any risk to the integrity of that data can make or break a business. Security threats can impact a company financially, impede expansion, prevent client attraction, damage assets and, above all, impact reputation.”
When properly managed, a successful information security policy allows an organisation to operate with the utmost confidence. As Emma Shaw has stated, this is something the Esoteric team lives by and duly advocates for all of its clients.
Esoteric’s services for clients include: the development of counterespionage/security strategies and policy implementation; technical surveillance countermeasures training and espionage awareness briefings; cyber espionage response and review/forensic investigations; the provision of critical information protection products (including ‘E-Room’ 24/7 monitoring sensors, mobile phone detectors and mobile phone blockers); RF attenuation and Shielded Rooms; and covert investigations and surveillance.
For more than 100 years now, the BSI has absolutely led the way in the standards arena. The organisation sits among the most respected and reputable management systems certification bodies in the world and is presently accredited by around 20 local and international bodies.