At Strands, we believe that Information Security is a business, not an IT, problem. Risk-based approaches are vital for modern information security effectiveness.
In today’s world, customers, business partners and stakeholders want to be sure that you’re not putting them or their businesses at risk by not having appropriate safeguards in place relating to information and technology-enabled business assets.
There are many ways to implement a sound Security Risk Management strategy, and a good standard, such as ISO 27001, establishes the correct procedures for an Information Security Management System (ISMS).
"ISO 27001 is one of the most widely recognized and internationally accepted security standards, and Strands has earned this important accreditation after being successfully audited by AENOR." — Erik Brieva, CEO at Strands
The certification was awarded for supporting software development and project management information systems, according to the applicable regulations, and helps Strands to keep both its own information assets, and those of its customers, secure.
Security is one of Strands' main priorities.
Strands’ ISMS based on ISO 27001: Implementation and management
Strands has had an Information Security Management System based on ISO/IEC 27001 in place for years, at both our European and US headquarters —in Barcelona and Miami. This year, Strands Argentina and Malaysia were also endorsed with ISO 27001 compliance as the company continues to grow in Latin America and Asia.
ISMS is a system that helps to prevent and counteract interruptions to business activities. It protects critical processes from the effects of information security incidents, disasters and major failures of information systems and ensures the timely continuation of normal operations.
"ISMS implementation also raises awareness throughout the business about the risks associated with information security, involving all Strands employees." — Pilar Marte, Business Process Consultant at Strands
The ISO 27001 standard has a comprehensive management system that guarantees, and is characterized as, the preservation of confidentiality, integrity and availability of all assets and information that we handle:
- Confidentiality: Ensuring only those who are authorized can access information.
- Integrity: Ensuring that information remains unchanged and traceable.
- Availability: Ensuring authorized users have access to information and associated assets when required.
The policies, processes, procedures and other requirements that make up this management system are scrutinised and tested annually by independent 3rd-party auditors (AENOR) who have the power to withdraw the certification if not all the requirements and standards of the regulations are met.
The Strands Security Policy applies to all Strands personnel, as well as to external collaborators and suppliers who work in conjunction with Strands team.
What value does ISO 27001 certification bring to financial institutions?
Strands’ ISO 27001 certification is proof of its commitment to information security management and to ensuring the security across the delivery of software, projects and customer services to Financial Institutions.
When banks and financial institutions work with Strands, they know that are partnering with a vendor that ensures:
- Knowledge, information and data protection
- Data integrity and availability
- Protection of information and communication technologies
- Company Assets protection
- Business Continuity
- Compliance with legal and regulatory standards
- Definition of information-handling roles and responsibilities
- Avoid financial losses resulting from a security breach
- Protection of facilities, offices and working environment
- Confidentiality, credibility and trust
- Greater awareness of security across the organization
- Prevents confidentiality breaches and data leakage
- Fast reaction and disaster recovery
- Meeting international benchmarks of security