News and Logixal in the press

Logixal achieves international standard ISO/IEC 27001:2013 Information Security Management

Press Release

London | April 2022

Logixal, the technology-managed service provider (MSP) has achieved ISO/IEC 27001:2013 Information Security Management certification.

This is the most up-to-date international standard for information security for an organisation. Focus is on establishing, implementing, maintaining, and continually improving the security of information and data. 

Information security has become a critical issue for organisations as the risks associated with cyber-attacks and data breaches continues to increase. 

ISO/IEC 27001: 2013 is the international standard that provides the specification for an information security management system. It is a best-practice approach and is a framework that helps organisations manage their information security by addressing three key pillars: people, processes, and technology. The standard ensures that customer and employee data is stored securely and complies with legal requirements such as GDPR. Independent, accredited certification to the Standard is recognised worldwide as it proves a company adheres to best practice requirements in establishing, implementing, maintaining, and continually improving its information security management system (ISMS).  

Achievement of the certification is the result and the successful outcome of an external, independent, rigorous two-stage assessment audit by BSI of Logixal’s Information Security Management System (ISMS).  

Commenting on Logixal meeting the international certification standard, Founder and CEO at Logixal, Daniel Hoile, said: “It is testimony to our absolute commitment to having the highest standards of excellence and best practice in our robust information security management system. This demonstrates to our customers and suppliers alike that their sensitive information and data are protected and safe, and we are passionate about adhering to the highest global standards to ensure this “ 

The audit covered analysis and assessment of Logixal’s information security management system against 114 controls and included proof of the following: 

  • Information security policies | Management direction for information security:  Management direction and support has been provided for information security in accordance with business requirements and relevant laws and regulations.  

  • Organisation of information security: A management framework has been established to initiate and control the implementation and operation of information security with the organisation. 

  • Information security policies: Policies are defined and effectively communicated to all employees. 

  • Mobile devices and teleworking: Policies and supporting security measures are in place to manage the risks associated with use of mobile devices and implemented to protect information accessed, processed or stored at teleworking sites.  

  • Human resource security: Policies and controls are in place to ensure employees and contractors understand and adhere to their responsibilities for information security, prior, during and end of employment.  

  • Asset Management: Controls are in place to identify Logixal’s assets and appropriate protection responsibilities have been defined, which include inventory of assets, ownership of assets and acceptable use of assets, and return of assets.  

  • User access management: Controls are in place to ensure authorised user access and to prevent unauthorised access to systems and services and ensure users are accountable. 

  • Media handling: Controls are in place to prevent unauthorised disclosure, modification, removal or destruction of information stored on media. 

  • System and application access control: Controls are in place to prevent unauthorised access to systems and applications, including secure log-on procedures, password management. 

  • Cryptography: Controls are in place to ensure proper and effective use of cryptography to protect the confidentiality, authenticity and /or integrity of information.  

  • Physical and environmental security: Controls are in place to prevent unauthorised physical access, damage and interference to the organisation’s information processing facilities as well as to prevent loss, damage, theft or compromise of assets and interruption to the organisation’s operations.  

  • Operations security | Operational procedures and responsibilities: Controls are in place to ensure correct and secure operations of information processing facilities  

  • Operations security | Protection of Malware: Controls (detection, prevention, and recovery) have been implemented to ensure that information and information processing facilities are protected against malware, plus user awareness training for all employees.  

  • Operations security | Backup: Controls have been put in place (in accordance with a Logixal backup policy) to have backup copies of information, software and system images.  

  • Control of operational software: Procedures are implemented to control the installation of software on operational systems.  

  • Communications security: Network security management: Controls are in place to ensure the protection of information in networks and its supporting information processing facilities. 

  • Communications security: Information transfer: Information transfer policies and procedures and controls are in place to maintain the security of information transferred within the organisation and external entities.  

  • System acquisition, development, and maintenance: Controls have been put in place to ensure that information security is designed and implemented within the development lifecycle of information systems.  

-Ends-