MD7, a wireless infrastructure consultancy, disclosed that it has achieved ISO 27001:2013 certification, the international standard for managing data and cyber security. The company said that this achievement certifies the process MD7 uses to manage the security of assets such as financial information, intellectual property, employee details and information entrusted by third parties.
“Some organizations will not hire a company that doesn’t have ISO certification,” Scott Belie, MD7 chief technology officer, said. “The 27001:2013 certification is for data security, whereas the 9001:2015 certification we completed a few years ago focuses on overall quality and internal processes and controls.”
Thomas Leddo, MD7 chief strategy officer, said that obtaining a certification means that MD7 adheres to the international standard for establishing, implementing, maintaining and continually improving an information security management system (ISMS), helping to ensure an organization’s information assets are secure.
The company said that some of MD7’s customers, such as AT&T in the United States and Vodafone in Europe, prompted the company to become ISO 9001:2015 certified a few years ago because it adopted policies that encouraged all vendors and partners to be certified.
“While achieving ISO 27001:2013, we discovered some other proposal requests that we’ve been involved with were asking particular questions about the security of data and cybersecurity in general,” Leddo said.
More and more companies require vendors and partners to adhere to recognized standards to ensure that the vendors meet third-party standard requirements, according to Leddo. It removes some of the work necessary to vet a vendor while providing a high degree of assurance that the company is meeting expected standards, he said.
“At MD7 continuous improvement is one of our core values,” Belie said. “Completing this certification is just one of the ways we are improving our security footprint. With this certification, we are giving our customers better visibility into our security posture by comparing our efforts to a well-known industry benchmark.”