Modulo Security, the Risk Assessment, Compliance and Knowledge Company, is the first information security company in the world to achieve the ISO 27001 certification. ISO 27001 is the first international information security certification standard and an evolution on British Standard BS 7799-2. It addresses the definition of requirements for implementation of an Information Security Management System - ISMS. The standard was adopted in October 2005 by the International Organization for Standardization (ISO), which handles international certification standards.
“The publication of ISO 27001 shows how important Information Security has become. It is now perceived as strategic to the business of any company. One of the consequences of this stronger standard is that it has boosted organizations' interest in obtaining an internationally recognized certification for information security, much like ISO 9001 for quality and ISO 14001 for the environment,” says Charlie Warhaftig, Modulo Security's USA Director..
Certification in record time and new productsModulo Security achieved this certification in record time thanks to the use of Risk Manager™ - ISO 27001 was published in October of 2005. “Using Risk Manager™ was critical to attain this certification. Using a specific checklist to support the certification rendered the auditing process preceding the certification about 50% faster”, ensures Charlie Warhaftig.
Risk Manager™ Features
Risk Manager™ is an evolution on the tool used by Modulo Security's consulting team and has been employed in more than 800 projects. In a fast, simple and structured way, it carries out risk analysis for technological assets (software and equipment) and non-technological assets (people, processes and environments).
Currently, Risk Manager™™ has more than 110 Information Security checklists and more than 7000 security controls which are constantly updated by the Modulo Security Lab's team. By the use of reports generated by Risk Manager™, managers can identify the most critical areas, departments, processes, systems and geographical regions. In addition, they can maximize their investment and implement metrics to monitor their risk mitigation actions. Among Risk Manager™'s clients are large companies in the financing, telecommunications, energy, and manufacturing industries, as well as governmental agencies.