ISO 27001 Information Security Management

Wednesday, January 25, 2023 by Simon Montanaro

Good corporate governance is not only an attractive quality that builds trust in customers and business stakeholders but also an essential factor for increased sustainability and profitability.  

At Melita Ltd, top-level good governance is considered one of the basic requirements for the smooth running of the business. It is cascaded from the highest level, administered by the rest of the workforce, and executed via the systems that are put in place. 

In addition to the company’s ISO 27001 certification for its Data Centres, last year, Melita’s Head Office in Mriehel was awarded the ISO 27001 certificate in Information Security Management Systems. These certifications independently confirm that both Melita’s workforce and the protocols and processes that are in place guarantee the highest internationally recognised standards. They also ensure continuous improvements in security practices.

ISO 27001 in Information Security Management offers a holistic combination of policies, protocols and processes aimed at preventing data breaches, safeguarding data, as well as predicting and mitigating cyber-attacks. The process of achieving such certification involves a top-down, risk-based approach and is technology-neutral. The specification defines a set of 14 requirements related to security. 

These 14 domains include:

  1. Information security policy – this involves detailed good practices on how to write and review policies regularly, making sure they are continuously updated and followed through.
  2. The organisation of information security – this deals with the assignment of responsibility, roles, and the provision of a clear hierarchy within the company. Without this domain securely in place, it would be impossible to implement effective accountability.
  3. Human resource security – this domain specifies how employees are to be informed about cybersecurity when being onboarded, when leaving the company, or even changing roles internally.
  4. Asset management – this step deep-dives into the management of data assets including tracking hardware, software, and data assets.
  5. Access control – this provides a clear guide on controlling employees’ access and IT privileges depending on their role, position, and status within the company.
  6. Cryptography – this domain involves the study of best practices regarding encryption.
  7. Physical and environmental security – this contains detailed steps a company should take to secure physical buildings and equipment within them.
  8. Operations security – this part of the certification involves the best ways of collecting and storing data, making sure that everything is documented and evidenced.
  9. Communications security – this section deals with securing the transmission of information within the company’s network via email, video calls and other means.
  10. System acquisition and maintenance – this involves details on how new and existing systems brought into the company are to be managed, ensuring that they are compliant and meet the highest information security standard.
  11. Supplier relationships – this details how the company ensures the security of third parties.
  12. Security incident management – this part of the certification deals with incident responses: what security measures and steps are to be taken in the case of a security incident.
  13. Business continuity management – this section ensures that measures are in place in case of business disruptions and/or major changes.
  14. Compliance – this final step ensures that the company is compliant with all government and industry legislation and regulations.

At Melita, we believe that strong and effective governance, including Information Security Management, leads to positive performance and overall business sustainability. Increasing accountability of all employees as well as top management works to achieve the highest levels of efficiency and avoid mistakes. This provides the company with a strong competitive advantage, instills trust in our customers and provides long-term added economic value to all our stakeholders.

Simon Montanaro

Chief Technology Officer
