12/07/2010
ISO certification announced for Information Security Management System
Dubai, UAE
With this certification, we are now set to start a new chapter by offering customised technology security services to businesses, and we will share further details in due course, he added.
Some of the prominent Emirati Du personnel from the Technology and Security Risk Management department at Du, who contributed to the completion of this landmark project, included Hiba Abdelghani, Technology Audit Specialist – Graduate Trainee at Du’s Masar Programme, Saeed Salahdin - Technology Security & Risk Management Coordinator and Ibrahim Al Mallouhi - Director Risk Management and Quality Assurance.
Commenting on this milestone achievement, Walid Kamal, Senior Vice President, Technology and Security Risk Management, Du, said: “Today is a proud moment for all of us at du, and this certificate is a genuine validation of comprehensive security strategy and programme initiated in 2006 setting up converged security organisation, management system and process.”
Basem Obaid, Area manager, Middle East and Africa, Lloyds Register Quality Assurance Ltd, said: “The win is well-deserved for Du. The team at Du demonstrated exceptional commitment in the run-up to the certification, which brings to light the depth and maturity of its management team, and how they value information security as one of the key business pillars. We wish them all the best in their future endeavours.”
ISO 27001:2005 is an international standard prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).
The governing principle behind ISMS is that an organisation should design, implement and maintain a coherent set of processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security (usually summarised as confidentiality, integrity and availability). The ISMS enables organisations to deploy safe working practices that are well established, these practices reduce risks to information and its protection through standard processes and policy frameworks.