INFRATEL

19 Oct 2021



The International Organization for Standardization (ISO) is the world’s global standards body that provides models for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving operations through the setting of proprietary, industrial, and commercial standards. The body has set various standards, which include Information Security Management Systems (ISMS) standards. Information Security is a key agenda for businesses to protect their most prized assets, which if compromised will lead to loss of competitive advantage. Businesses now rely on digital channels and data for customer uptake and general decision making about products and services. Therefore, organizations must improve their information security management systems to remain competitive.

To remain relevant and abreast of technological changes, Information Systems affiliated organizations such as INFRATEL are learning from global certification authorities by integrating the processes and procedures of the International Organization for Standardization into their operations. INFRATEL attained ISO 27001 Certification, which has placed the company highly in its operations and service delivery. The certification was obtained after a thorough independent audit and assessment for compliance by the British Standards Institute (BSI).

An INFRATEL reporter took time to learn more about the ISO 27001 Certification in an exclusive interview with INFRATEL Assistant Manager Information Security, Mr. Davin Muyangwa. Mr. Muyangwa explained ISO 27001 as follows:


1. Meaning of ISO 27001 Standard

It is an internationally recognized framework that guides organizations on best practices for Information Security and provides risk management measures against threats to Information. It is a standard that independently attests an organization’s compliance with global security policies and processes.

2. Significance of Certification

As a business entity INFRATEL is therefore expected to attain this Certification to prove that it is an organization that has properly structured its information security to effectively manage risks. The certification is not only related to Information Technology operations but covers key operational processes such as Facilities Management, Human Resources, Software Development and Customer Support. The certification embeds security as a key function at INFRATEL and the ISMS is management’s overall commitment towards Information Security.

3. Requirements for Certification

The Steps to ISO 27001 Certification are as follows:

Gap Analysis – A closer look at an organization’s existing Information Security Management System and a comparison of it with the requirements of the ISO 27001 Standard.

Stage 1 Audit – A review of the Organization’s readiness for assessment by checking if the necessary ISO 27001 procedures and controls have been developed.

Stage 2 Audit – This involves assessing the implementation of the procedures and controls within the organization to make sure that they are working effectively as required for certification of ISO 27001.

Certification – A Certification valid for 3 years is awarded once an organization is deemed to be compliant with ISO 27001 after conducting the above-mentioned Audits. Meanwhile, regular reviews are conducted annually to make sure the system does not just remain compliant, but continually improves and adds value to the Organization.

4. What Certification means for INFRATEL as an organization.

ISO 27001 is one of the world’s most popular standards and is very sought after, as it demonstrates that a company can be trusted with information because it has sufficient controls to protect it. Compliance is proof that you are secure. The certification is a call for excellence for INFRATEL to continually align its operations to global security standards to meet customers’ demand for secure and available platforms. Through the certification, INFRATEL is differentiated from the competitors who may not have the certification.

5. Benefits of Certification to INFRATEL members of staff

This Certification means 3 things to Staff.

Competitive Advantage – Sales and Marketing Staff can use the organization’s reputation for security to win new business. This increases the amount of work across the organization and offers employees the opportunity to prove how valuable they are.

Job Protection – ISO 27001 outlines Information Security Policies and Procedures for Staff to follow, thereby mitigating data breaches that can threaten their jobs. If employees follow the ISO 27001 guidelines, the organization will not blame them for a data breach.

Protection of Personal Data – Staff should rightfully be concerned about protecting clients’ data, but they should be just as worried about their personal data which they give to their employers. Organizations hold a lot of employee information, so staff will be relieved to know that their personal data is protected.

6. Counsel to INFRATEL staff

One cannot be too careful when it comes to Information Security. Staff should be aware that the weakest link in the chain of security is individuals, in this case Staff themselves. Protecting company sensitive data is critical to business resilience. Staff should continually check the authenticity of various information pieces that they receive to protect INFRATEL and Client data assets. ISO 27001 helps you implement a robust approach to managing information security and build resilience.

In his final remarks, Mr. Muyangwa emphasized three major values of ISO 27001: “Confidentiality, Integrity and Availability of Information is assured under an Organization that meets the requirements and implements the security controls provided by the ISO 27001 Standard,” he stated.