Generali UK Branch Achieves ISO27001 Certification for Information Security
5th September 2014 - London
Generali has long recognised the importance of information security and our duty of care to preserve the integrity of data we process and host for our policyholders and stakeholders. Now more than ever before, our existing and potential clients seek independent assurance that their data is comprehensively secured against the threats associated with information security.
ISO 27001:2013 is an internationally recognised standard providing the framework for information security best-practice; clients increasingly expect their key suppliers to demonstrate accredited certification to this standard.
During 2014 Generali UK Branch took steps to formalise the information security best-practice already embedded within the organisation and to seek recognised certification to ISO 27001:2013. A full round of internal audits, a legal & compliance assessment and a review of Information Security Management Systems (ISMS) were undertaken prior to certification.
Management system documentation was drafted, including the formation of an ISMS Manual, Risk Assessment, Statement of Applicability, Legal Compliance Register and the updating of requisite policies, procedures and operational controls.
A comprehensive communication and awareness programme was rolled out to staff with emphasis placed on participation and feedback from everyone within Generali UK Branch.
In April 2014, following assessment by Certification Europe, Generali UK Branch achieved certification to ISO 27001:2013.
Mr Rajeeva Aluwihare, Head of IT and Operations at Generali UK Branch, said: "Information security is vital to both Generali and our customers, so operating an Information Security Management System to ISO 27001 provides peace of mind for all parties."
ISO 27001:2013 is an information security standard that was published on 25 September 2013. It cancels and replaces ISO/IEC 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. It is a specification for an information security management system (ISMS). Organisations which meet the standard may be accredited by an independent accreditor.
Founded in 1999, Certification Europe is an accredited certification body which provides International Organization for Standardization (ISO) management system certification. http://certificationeurope.com/