Daegis, a leading provider of eDiscovery solutions, announced today that it has received ISO/IEC 27001 re-certification for its litigation support and eDiscovery services. Daegis received its initial certification in April of 2009. The re-certification stands as a testament to Daegis’ commitment to preserving the confidentiality, integrity and availability of all information assets in its possession.
ISO/IEC 27001:2005 is an internationally recognized information security management system standard developed by the International Organization for Standardization (ISO). The ISO standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks.
As the number of platforms on which data is created and stored continues to grow and diversify, information security is becoming a significant challenge for corporations and their vendors. This problem is compounded by the sheer amount of data that must be secured. According to International Data Corporation (IDC), the volume of digital information may balloon from 2.7 zettabytes this year -- the storage equivalent of 2.7 billion Apple iMacs -- to 8 zettabytes by 2015. When choosing vendors, corporations – particularly those in heavily regulated industries such as pharmaceutical, finance and healthcare – need an independent standard by which to self-evaluate the information security of the vendors. The ISO/IEC family of standards provides this evaluation framework.
The ISO/IEC 27001 sets forth a formal process by which all information security management systems must be centralized under management’s control. In order to demonstrate compliance, Daegis’ management team systematically reviewed the organization’s information security risks, constructed and implemented a comprehensive set of information security policies, procedures and controls to address all areas of risk, and implemented a management process to ensure that information security policies will evolve to meet the needs of Daegis and its clients. The process involved an audit of each of Daegis’ offices and its complete Information Security Management System (ISMS) by a team of external auditors. Daegis’ certification is valid for three years, with annual compliance audits performed each year.