IT security audit according to ISO/IEC 27001 in Sertika

IT SECURITY ACCORDING TO ISO/IEC 27001 - OVERCOME THE DIFFICULT PART OF GDPR IN SERTIKA

IT SECURITY AUDIT AND CERTIFICATION ACCORDING TO ISO/IEC 27001

As an accredited company, SERTIKA audits and certifies the company's management system according to the IT security standard ISO/IEC 27001.

WHAT IS AN IT SECURITY AUDIT ACCORDING TO THE ISO/IEC 27001 STANDARD?

Sertika auditors assess the compliance of the IT security management system in the client's documentation and activities. After the audit, when Sertika makes a positive decision to certify the company's management system, an accredited IT security certificate is issued to the audited client, which certifies that the client's management system meets and operates in accordance with the requirements of the ISO/IEC 27001 standard.

WHY IS IT WORTH IT TO AUDIT THE MANAGEMENT SYSTEM ACCORDING TO THE ISO/IEC 27001 STANDARD WITH SERTIKA AUDITORS?

IT SECURITY ACCORDING TO ISO/IEC 27001 IN SERTIKA

We would like to inform you that we have continuously, and especially during the year 2021, improved existing and implemented new IT security and personal data protection procedures in accordance with GDPR at SERTIKA, assessed information security risks and prepared their management plan and suitability statement. Soon we will supplement SERTIKA's quality policy on IT security issues.

We also solved technical challenges regarding IT security compliance with the ISO/IEC 27001 standard in SERTIKA:

  • we adjusted the backup process;
  • we inventoried the entire IT infrastructure (software and hardware);
  • we changed the physical and virtual access procedures;
  • a two-step authentication procedure was also introduced;
  • and a good VPN, so we can work safely outside the office;
  • every piece of equipment and every server has a UPS, so we protect the equipment from voltage fluctuations or loss;
  • together with the Information Security Officer Mažvydas Zabotka, we receive real-time notifications about changes in the state of the systems that are worth paying attention to;
  • and automatic reports every day, which allow us to create an overview of the state of the services we use;
  • and, in the event of unforeseen incidents, to respond to them quickly;
  • subscriptions to newsletters about information security gaps that affect our chosen suppliers give us an opportunity to react in a short period of time and prevent the use of found vulnerabilities, thus protecting our data and that of our customers;
  • we respond in a timely manner to IT security vulnerabilities emerging around the world, such as the critical zero-day security vulnerability called Log4Shell, which is currently being addressed;
  • we constantly monitor how the equipment works and what needs to be repaired;
  • the internal communication system and online meeting platform were also revised;
  • the method of sharing documents has also been changed.

And this is only part of the work that I, as the head of the company, see running smoothly and carefully supervised.

During these years, the SERTIKA team learned a lot in practice in the field of IT security and data security according to the GDPR. We know that we are much better prepared to serve our customers and to store the important technical documents you entrust to us about the legalization of the product, or information about the state of your management system, internal audits, analyses or other data important to you. At the same time, we strengthened the enforcement of personal data protection in accordance with GDPR requirements.

During January and February, SERTIKA's audit manager, Kristina Jatautienė, periodically performs an internal audit of SERTIKA's information security management system in accordance with the requirements of the ISO/IEC 27001 standard. We look forward to the results of this year's internal audit as well, and after that we plan to inform the public and our customers how we are managing to implement IT security this year in accordance with the requirements and provisions of the ISO/IEC 27001 standard.

BENEFITS OF IT SECURITY ACCORDING TO ISO/IEC 27001

Therefore, we can now guarantee that we know IT security according to ISO/IEC 27001 and data security according to GDPR:

  • and from the inside,
  • and from the outside,
  • and theoretically,
  • and in practice.

We won a lot for our company and customers, because we manage and protect your data even more responsibly. The new quality of the SERTIKA IT security and data security management process will enable even more confidence in other services we provide: safety tests in the laboratory, evaluation of technical documentation, training.

We can also offer our clients an even more effective audit and certification in accordance with the ISO/IEC 27001 IT security standard. The SERTIKA team took a deep look at the standard, starting from the internal needs of the company, and applied it in reality, not just on paper. We can share this experience with clients seeking management system certification according to the ISO/IEC 27001 IT security standard.

By implementing and developing the IT security management system, the SERTIKA team increased the sense of security and satisfaction with the result in the company.

Obvious changes: even more efficient work, smooth and safe sharing of information internally and externally, and protection of data from damage and from potential external hackers and pests.

Once again, I thank the entire SERTIKA team for the huge qualitative leap in SERTIKA's management process:

Vilma Bendžiuvienė – for the idea, initiative and start of the plan for IT security according to the ISO/IEC 27001 standard and personal data protection according to the GDPR, bringing together the team.

Mažvydas Zabotka – for the huge, consistent implementation process that started even before we formalized it, starting in 2019. When we found bugs month after month, we kept improving and changing IT security processes both on paper and in reality.

Kristina Jatautienė – for the commitment to the second party audit in SERTIKA and future improvements, insights.

Irma Kulpavičienė – for the electronic document management procedure in SERTIKA.

2022-01-25
SERTIKA CEO Ingrida Kusienė