Blog Manager
I'm the Information Security Manager at Janet and through this blog I'll be sharing some of my experiences, ideas and thoughts on information security topics.


ISO 27001 Certification

Thursday, August 11, 2016 - 14:31

You may have noticed the quiet appearance of ISO 27001 (and ISO 9001!) logos on our website – a few weeks ago our information security management system was successfully certified against ISO/IEC 27001:2013 for the following Trust and Identity services.

The scope is limited to these services but our plan is to expand the certification scope over time, including further services provided by Jisc. These four services were already within scope of our ISO 9001:2008 certification, which covers the operation, development, and support of the Janet network and associated services. More information on our ISO certifications is available

Getting to this point has been a two-year project, conducted as part of a larger security programme taking place within Jisc, and has involved the hard work and input of many individuals and teams across the company. Despite the simplicity of the standard, implementing a certified ISMS is not a trivial undertaking, and it can be easy to lose sight of the destination. Now that things have settled down after the stage two audit, it’s good to reflect on the progress we’ve made and what we’ve learned about how information security works in organisations. I hope that we’ll be able to share some of these experiences with you. I’m about to start preparing some for a presentation to a GEANT SIG on setting the scope and context for your ISMS (which was an area identified as needing improvement after our stage one audit), and how these relate to your awareness and communications activities. If there are aspects of ISO 27001:2013 that you’d like us to share with you, please let us know in the comments.