Difference between revisions of "FAQ:ISO"
Jump to navigation
Jump to search
| (24 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| + | This document can now be found at its new location in the [https://docs.hornbill.com/hornbill-cloud/iso/about-iso/ Hornbill Document Library]. | ||
| + | |||
| + | [[file:hornbill-document-library.png|Hornbill Cloud|link=https://docs.hornbill.com/hornbill-cloud/iso/about-iso/]] | ||
| + | <!-- | ||
==What is ISO== | ==What is ISO== | ||
The International Organization for Standardization is an international standard-setting body composed of representatives from various national standards organizations. This group of experts over the last 50 years have created a set of ISO standards which are a series of frameworks that outline best practices and requirements against a number of key areas to ensure that, if adopted, a organization can run smoothly\securely and provide customers with the knowledge that a company is doing it right. ISO certification is proof that the standards are being adhered to and embedded in the organsisation. | The International Organization for Standardization is an international standard-setting body composed of representatives from various national standards organizations. This group of experts over the last 50 years have created a set of ISO standards which are a series of frameworks that outline best practices and requirements against a number of key areas to ensure that, if adopted, a organization can run smoothly\securely and provide customers with the knowledge that a company is doing it right. ISO certification is proof that the standards are being adhered to and embedded in the organsisation. | ||
| − | ==What ISO27001== | + | ==What is ISO27001== |
ISO 27001 (formally known as ISO/IEC 27001:2005 currently ISO/IEC 27001:2013) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. Being IS0 27001 accredited means that we have proven to an external body that we comply with all regulations and requirements, therefore ensuring that security (both information and physical)/risk management and other best practices are ingrained in everything we do through the processes we follow. | ISO 27001 (formally known as ISO/IEC 27001:2005 currently ISO/IEC 27001:2013) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. Being IS0 27001 accredited means that we have proven to an external body that we comply with all regulations and requirements, therefore ensuring that security (both information and physical)/risk management and other best practices are ingrained in everything we do through the processes we follow. | ||
| − | Our latest certificate is here - [https:// | + | Our latest certificate is here - [https://files.hornbill.com/misc/IS588876.pdf] |
==What is ISO27018== | ==What is ISO27018== | ||
ISO 27018 is a specification for handling & securing Personal Identifiable Information in the Cloud. This goes side-by-side with ISO27001 & GDPR to ensure that we take all steps to secure your data, treat it with respect and guarantee that we will not use it for any purpose which we dont have specific consent . A successful external audit ensures that our polices & practices are correct and your data is safe with us. | ISO 27018 is a specification for handling & securing Personal Identifiable Information in the Cloud. This goes side-by-side with ISO27001 & GDPR to ensure that we take all steps to secure your data, treat it with respect and guarantee that we will not use it for any purpose which we dont have specific consent . A successful external audit ensures that our polices & practices are correct and your data is safe with us. | ||
| − | Our latest certificate is here - [https://files.hornbill.com/misc/ | + | Our latest certificate is here - [https://files.hornbill.com/misc/PII697007.pdf] |
==Who is Responsible for Compliance== | ==Who is Responsible for Compliance== | ||
| Line 16: | Line 20: | ||
==How Often are we Audited== | ==How Often are we Audited== | ||
| − | We are audited every 12 months and inorder to stay certified we must not only show the documented processes but also how these are implemented in the business and show that all those effected by the process understand its requirements and adhere to its contents. We must also show that, where necessary checks and controls are in place to ensure that the process can not be circumvented. Our last audit certificate along with other accreditations are available via https:// | + | We are audited every 12 months and inorder to stay certified we must not only show the documented processes but also how these are implemented in the business and show that all those effected by the process understand its requirements and adhere to its contents. We must also show that, where necessary checks and controls are in place to ensure that the process can not be circumvented. Our last audit certificate along with other accreditations are available via https://trust.hornbill.com/compliance/ |
==What Processes are covered under ISO== | ==What Processes are covered under ISO== | ||
| Line 45: | Line 49: | ||
| − | + | == Other == | |
| − | |||
| − | |||
| − | |||
The below links to sections\documents that are not covered by ISO, however are important to the way Hornbill operates\plans and provides services. This includes polices, guiding theologies or supporting documents that help show our commitment to security and your data. | The below links to sections\documents that are not covered by ISO, however are important to the way Hornbill operates\plans and provides services. This includes polices, guiding theologies or supporting documents that help show our commitment to security and your data. | ||
* [[Data Security Commitment]] | * [[Data Security Commitment]] | ||
| Line 54: | Line 55: | ||
* [[FAQ:Data_Centres#Datacenters_and_Facilitators]] | * [[FAQ:Data_Centres#Datacenters_and_Facilitators]] | ||
* [[Cyber Essentials]] | * [[Cyber Essentials]] | ||
| + | * [[Penetration Tests]] | ||
| + | * [[Environmental Policy]] | ||
| + | * [[Modern Slavery]] | ||
| + | * [https://www.hornbill.com/corporate-social-responsibility-policy |"Corporate Responsibility"] | ||
==Capacity Management and Scalability== | ==Capacity Management and Scalability== | ||
We have hardware available for our expected growth of Hornbill and this is reviewed\increased every 3 months with the purchasing of additional hypervisors\rack space as required. If required we can also create a instance or complete replica of the Hornbill infrastructure in AWS (Same as in our DR Plan) in record time meaning that capacity and scalability is never an issue. This scalabity along with the underlying server code also removes all limitations for user increase as new servers can be added as demand increases. | We have hardware available for our expected growth of Hornbill and this is reviewed\increased every 3 months with the purchasing of additional hypervisors\rack space as required. If required we can also create a instance or complete replica of the Hornbill infrastructure in AWS (Same as in our DR Plan) in record time meaning that capacity and scalability is never an issue. This scalabity along with the underlying server code also removes all limitations for user increase as new servers can be added as demand increases. | ||
| + | --> | ||
| + | [[Category:HDOC]] | ||
Latest revision as of 20:41, 11 April 2024
This document can now be found at its new location in the Hornbill Document Library.
