Our Baltum Bureau team, together with our partners, can help you with matters of IT certification.
ISO 27001 certification is a widely recognized standard for information security management systems (ISMS). The certification demonstrates an organization’s commitment to maintaining the confidentiality, integrity, and availability of its information.
Baltum Buroo is a certification body that provides ISO 27001 certification to organizations.
To obtain ISO 27001 certification, an organization must perform a number of steps, including writing necessary documentation and implementing security processes and controls, performing an internal audit, conducting a management review, and resolving any nonconformities.
The certification process involves a comprehensive assessment of an organization’s ISMS, including its policies, procedures, and controls, to ensure that it meets the requirements set forth in the standard. The audit process can be a complex and time-consuming effort, but understanding the process can help organizations prepare for a successful audit and reduce stress during the process.
Having ISO 27001 certification provides several benefits to organizations. It helps to improve the security of sensitive information, increase customer and business partner trust, and reduce the risk of data breaches and cyber attacks. It also provides a framework for organizations to manage their information security risks and continuously improve their security posture.
In conclusion, ISO 27001 certification is an important tool for organizations to demonstrate their commitment to information security. By working with a certification body like Baltum Buroo, organizations can obtain the certification and the benefits that come with it.
ISO 27701 is a standard that provides guidelines for managing and processing personally identifiable information (PII). It is an extension of the widely used ISO 27001 standard for information security management systems (ISMS), and helps bridge the gap between privacy and security. The standard is intended to provide a point of integration between privacy protection and the management of PII within organizations. The standard specifically addresses requirements under the General Data Protection Regulation (GDPR) but also allows organizations to incorporate other privacy laws, regulations, and requirements into their privacy information management system (PIMS). Implementing a PIMS using ISO 27701 can help organizations demonstrate effective privacy data management and provide a framework for privacy protection.
There are many potential benefits to having a robust PIMS, including building trust with stakeholders, providing transparency, clarifying roles and responsibilities, supporting compliance with privacy regulations, and reducing complexity by integrating with ISO 27001.
The process of obtaining ISO 27701 certification generally involves completing a request form for a formal quote, receiving a signed quotation, and preparing for the audit.
After certification, you will receive a certificate that is valid for three years, and your certification body will visit regularly to ensure that your system remains compliant and continues to improve.
ISO/IEC 20000-1 is a standard for IT Service Management (ITSM) that provides a comprehensive process approach for organizations to efficiently deliver quality IT services.
By achieving ISO/IEC 20000-1 certification, organizations can demonstrate their commitment to delivering quality services and show that they are an agile organization that responds to the changing service delivery environment. Furthermore, ISO/IEC 20000 certification is structurally aligned with other management system standards, which makes it easier for organizations to comply with similar standards and regulations. In fact, government, military, and healthcare organizations have started mandating ISO/IEC 20000 certification for their IT service providers.
The ISO/IEC 20000-1 standard specifies requirements for an organization to establish, implement, maintain, and continually improve a Service Management System (SMS).
In conclusion, ISO/IEC 20000-1 certification provides numerous benefits for organizations in terms of demonstrating their commitment to quality IT service delivery and making it easier to comply with similar standards and regulations.
If your organization is interested in achieving ISO/IEC 20000-1 certification, consider working with a certification body such as Baltum Buroo.
ISO/IEC 29110 is a series of international standards and guides that were developed mainly to provide a roadmap for very small entities (VSEs) developing systems or software.
The ISO/IEC 29110 series consists of four profiles (Entry, Basic, Intermediate, and Advanced) that guide VSEs in their software development process, from start-ups to mature organizations. The series provides a comprehensive roadmap for VSEs to follow, covering all stages of the software development lifecycle, including requirements analysis, design, coding, testing, and maintenance.
The ISO/IEC TR 29110-1:2016 document provides an introduction to the major concepts required to understand and use the ISO/IEC 29110 series, and explains the characteristics and requirements of a VSE and the rationale for VSE-specific profiles, documents, standards, and guides. The series is not intended to exclude or discourage its use by organizations larger than VSEs.
ISO 22301 establishes the requirements for an organization to create, implement, maintain and improve a Business Continuity Management System (BCMS).
This management system will allow the company to:
- provide and maintain conditions for protection against disruptions to its activities;
- prepare measures to respond to disruptions without stopping its operation;
- prepare for recovery after disruptions have occurred (examples of disruptions include natural disasters, cyber attacks and other events).
ISO 22301 is intended for use by all organizations, or parts of them, regardless of the type, size and characteristics of the organization. It is most relevant for critical infrastructure organizations operating in sectors such as energy, transport, finance, etc.
This standard is based on the PDCA (Plan-Do-Check-Act) cycle, and is also coordinated with other standards such as ISO 9001, ISO 14001, ISO/IEC 27001, etc., which allows for consistent and effective integration of the BCMS into existing management systems.
Baltum Buroo can offer a number of services to help you prepare for and complete certification, including support throughout the certification process.
The certification process includes a comprehensive assessment of the organization’s BCMS, including a review of all its processes. If the requirements of ISO 22301 are met, the organization receives an international certificate based on the results of the audit.
ISO 22301 certification provides organizations with a number of benefits:
- identify potential risks and develop preventive measures;
- minimize damage from disruptions that do occur;
- improve the risk management process;
- ensure business continuity in emergency situations;
- reduce the risk of downtime;
- strengthen the reputation of and trust in the organization.
ISO/TR 23244:2020. Blockchain and distributed ledger technologies – Considerations for the protection of privacy and personal information.
Blockchain is a distributed ledger technology designed to protect against unauthorized access and to create records that cannot be altered after the fact. This approach is attractive to many industries, including the financial sector, healthcare, agriculture, etc.
The rapid development of blockchain technology has created a need for standards in this area: the ISO expert committee has already published the first documents, and a number of further standards are still under development.
One of the relevant documents is ISO/TR 23244, which contains an analysis of the main issues related to the protection of personally identifiable information (PII) and privacy when using blockchain and distributed ledger technology (DLT).
ISO/TR 23244 certification will allow organizations to:
- manage the risks associated with confidentiality;
- identify ways to reduce risks;
- use the potential of blockchain and distributed ledger technology in order to increase privacy;
- increase the trust in the organization;
- minimize costs.
ISO/TR 23576:2020. Blockchain and distributed ledger technologies – Security management of digital asset custodians.
ISO/TR 23576 is one of the most relevant documents in the field of blockchain and distributed ledger technology management. The standard considers the main threats, risks and controls associated with:
— systems that provide digital asset storage and/or service exchange services to their customers (consumers and businesses) and security management in the event of an incident;
— asset information (including the digital asset signature key) that the digital asset custodian provides to its customers (consumers and businesses). Appropriate management of signature keys by digital asset custodians is a key issue in order to prevent improper use and transactions by unauthorized persons.
Beyond the scope of this document are:
— basic security controls for blockchain and DLT systems;
— business risks of digital asset custodians;
— separation of client assets;
— management issues.
ISO 37301 “Compliance Management System”
A compliance management system (CMS) is a set of processes created to ensure that an organization complies with all applicable laws, regulations, and codes of conduct. An effective CMS is able to identify relevant requirements, ensure they are met throughout the organization, and monitor and optimize the implementation of these requirements.
ISO 37301 establishes requirements and provides guidelines for the creation, development, implementation, evaluation, maintenance and continuous improvement of a CMS.
ISO 37301 is applicable to any organization, regardless of sector (public, private, non-profit), size and nature of activity.
Certification for compliance with ISO 37301 is voluntary, but more and more companies are striving to implement a CMS and confirm their compliance with leading compliance practices.
The certification procedure is carried out in two stages.
At the first stage, an independent accredited body conducts a preliminary audit to assess the organization’s existing management system: documentation, company goals, internal audit results, etc. are analysed.
At the second stage, a certification audit is conducted, which includes:
- verification of the documentation package for compliance with ISO 37301 requirements;
- analysis of information on the functioning of the company from independent sources in order to assess the functioning of the compliance management system;
- interaction with the company’s staff and evaluation of their awareness, familiarity with the documentation and development of a compliance culture.
When nonconformities are identified, a set of comments and recommendations is prepared for the organization.
If all the requirements of the standard are met, the company receives an international certificate of compliance with ISO 37301. The certificate is valid for 3 years, and surveillance audits are carried out annually.
The benefits of ISO 37301 certification are:
- demonstrating commitment to the principles of fair and ethical business conduct in the market, as well as among regulators, investors, employees and other interested parties;
- increasing the level of customer trust and loyalty;
- effective risk management through the implementation and development of a compliance culture;
- reducing the risks of violating legislative and regulatory requirements.
ISO 18788 “Security Operations Management System”
ISO 18788 establishes guidelines and provides support to organizations that carry out security activities. The standard provides the basis for:
- the development, implementation, monitoring, evaluation, support, maintenance and improvement of a Security Operations Management System (SOMS);
- risk assessment and compliance with legislation;
- incident management and operational control;
- respect for human rights and compliance with existing rules and laws.
A security operations management system (SOMS) is a set of procedures, policies, and controls that allows an organization to manage its security operations effectively and efficiently.
Therefore, the ISO 18788 certificate of conformity is relevant for any private security organization that conducts, or contracts for, security operations, namely:
- guarding (armed, unarmed, patrol and response officers, cash-in-transit specialists, dog handlers) and VIP protection;
- control rooms (video monitoring);
- security and risk consulting;
- personnel screening;
- training in various security operations;
- investigations (investigators, polygraph examiners);
- security technologies (alarm systems, video surveillance, software, etc.).
For successful ISO 18788 certification, the organization must develop and implement a SOMS, conduct internal audits to assess the management system, identify any nonconformities and look for opportunities to improve the SOMS.
The next stage is the certification audit, which is conducted by an accredited certification body in order to verify compliance with the requirements of ISO 18788.
Baltum Buroo can offer a number of services to help you prepare for and complete certification, including support throughout the certification process.
ISO 18788 certification will help the organization:
1) increase the trust of customers, the state and other interested parties;
2) increase competitiveness and reputation in the field of private security activities;
3) confirm the level of professionalism and quality of services;
4) increase the efficiency of activities through the use of best practices;
5) demonstrate commitment to national and international laws, as well as the protection of human rights.
ISO/IEC 27035 “Information Security Incident Management”
ISO/IEC 27035-1:2023 “Information technology — Information security incident management. Part 1: Principles and process”.
This document is the basis of the ISO/IEC 27035 series of standards and contains the basic principles and processes for information security incident management, which provide a structured approach to incident preparation, detection, reporting, assessment and response.
ISO/IEC 27035-1:2023 is intended for all organizations, regardless of their type, size or nature of activity, and is also applicable to external organizations providing information security incident management services.
ISO/IEC 27035-2:2023 “Information technology — Information security incident management. Part 2: Guidelines to plan and prepare for incident response” contains recommendations for planning and preparing for incident response, as well as for learning lessons from the incident response process. The basis for this document is the main stages of the information security incident management model presented in ISO/IEC 27035-1:2023, namely the stages of “planning and preparation” and “learning lessons”.
The main points of the “planning and preparation” stage include:
— information security incident management policy and commitment of senior management;
— information security policies, including those related to risk management, updated both at the organizational level and at the level of systems, services and networks;
— information security incident management plan;
— the formation of the Incident Management Team (IMT);
— establishing relationships and connections with internal and external organizations;
— technical and other support (including organizational and operational);
— briefings and training on incident management in the field of information security.
The “learning lessons” stage includes:
— identification of areas requiring improvement;
— identification and introduction of necessary improvements;
— evaluation of the work of the Incident Response Team (IRT).
The recommendations given in ISO/IEC 27035-2:2023 are general and intended for use in all organizations, regardless of their type, size or nature. This document is also applicable to external organizations providing information security incident management services.
ISO/IEC 27035 certification will allow an organization to effectively manage information security incidents by applying relevant concepts, tools and methods based on the best practices of ISO/IEC 27035.
The ISO/IEC 27033 series consists of the following parts under one general heading “Information technology — Security techniques — Network security”:
Part 1: Overview and concepts
Part 2: Guidelines for the design and implementation of network security
Part 3: Reference networking scenarios — Threats, design techniques and control issues
Part 4: Securing communications between networks using security gateways
Part 5: Securing communications across networks using Virtual Private Networks (VPNs)
Part 6: Securing wireless IP network access
ISO/IEC 27033 defines and describes concepts related to network security and provides recommendations for network security management.
ISO/IEC 27033 certification will ensure:
– protection of IT networks from threats and vulnerabilities;
– secure information exchange through the use of encryption, secure network architecture, etc.;
– improvement of the organization’s reputation and customer trust through confidence in the security of the organization’s digital infrastructure;
– effective management and control of network security risks.
The ISO 31000 international standard is applicable to all organizations, regardless of type, size and field of activity, for developing and implementing a risk management system. This system will allow the organization to:
1) improve the quality and safety of the goods and services it provides;
2) optimize the company’s activities and improve the efficiency of business process management;
3) increase the trust of customers, suppliers, investors and other interested parties;
4) minimize costs and downtime by improving the efficiency of planning.
Thus, the ISO 31000 certificate is a document that confirms to all interested parties (customers, partners, supervisory authorities, company employees, etc.):
– effective management of the organization;
– effective management of risks and various threats;
– rational use of resources.
Baltum Buroo is ready to offer a number of services that will help you prepare for and complete certification, including support throughout the certification process.