Three teams from MSC Technology in Italy (Turin), Switzerland (Geneva) and the US (Warren) have successfully obtained ISO 22301:2019 and ISO/IEC 27001:2013 certifications after a month-long joint certification audit undertaken with DNV, the certifying body.
What do ISO 22301 and 27001 certify?
ISO 22301 certifies a company's security and resilience and, specifically, its business continuity management systems (BCMS), which are critical for protecting against and reducing the impact of any business disruption. This latest ISO 22301 certification (a recertification) reflects MSC's work to increase the functional coverage of our BCMS.
Meanwhile, ISO 27001 relates to information security and, in particular, how an organisation establishes, implements, maintains and continually improves its information security management systems (ISMS) and processes. As such, it is an essential standard for any company that takes cyber and data security and privacy seriously in our digital age.
"The certifications represent a highly visible, internationally recognised, stamp of approval of how we work," explains Fabio Catassi, MSC's CTO. "Our customers are continually seeking reassurance that our IT-enabled services are resilient, confidential and available, and the ISO certifications provide a proof that our company meets the high standards."
Fabio adds that the risks of being uncertified are linked more to MSC's reputation than any technical concerns "as our MSC technology entities already rely on best practices". However, these certifications enable us to save "a lot of time explaining to our customer's auditors how we do things".
Achieving certification: a team effort
To achieve certification with both standards, DNV audited a range of subjects, from the security of operations and communications to human resources, risk management and application support. It also assessed physical and environmental security across all three sites.
The MSC ISO teams would like to thank everyone that participated in the audit interviews and pass on the compliments of the auditors. Not only did DNV highlight three noteworthy BCMS and ISMS activities and projects in the closing report, the company also commended the interviewed staff for demonstrating "good sensitivity to information security risks and excellent IT skills".