The State Operator for Non-Lethal Acquisition received a certificate of compliance of its information security management system with the international standard ISO/IEC 27001. The presence of this international standard confirms the highest level of protection in all aspects of the organization's activities: products, policies, technologies and team work. One of the conditions for obtaining the certificate was an audit by an independent third-party organization.
“Currently, we are one of the few state organizations in Ukraine that have such a certificate. This year, we have digitized many processes in the field of providing the Armed Forces of Ukraine, so data protection is one of our main priorities. In the context of the DOT's activities, successful certification according to the international standard is an extremely important achievement that will allow us to better confront the enemy in the field of cybersecurity and be sure that all important information is under reliable protection.” – notes Alena Zhuzha, IT advisor at the DOT.
We remind you that ISO/IEC 27001 is one of the most prestigious international standards that defines requirements for information security management systems (ISMS) and provides a comprehensive approach to data protection. Compliance with this standard means that the organization has implemented and adheres to the best practices in information security management, in particular:
- Prompt response to changing risks; Provides regular updates of software and policies in the field of information security in accordance with current global practices and challenges. Training people, processes and technologies to counter information threats;
- Cybersecurity depends not only on software, but also on the behavior of employees and their interaction. The presence of a certificate confirms that all participants have undergone appropriate training. Information protection on all media: paper, cloud and digital;
- In addition to electronic media, protection at the level of paper documents is no less important, which is also provided for by the relevant DOT policies.
In the future, this will allow DOT to implement most products much faster, since they will already be subject to the requirements of the information security standard, and therefore each product separately will not require additional certifications according to Ukrainian standards.
A feature of ISO/IEC 27001 certification is its continuous monitoring: after receiving the certificate, the organization is under constant supervision of auditors. A comprehensive and in-depth audit is conducted annually to further confirm the reliability of the information protection system. In addition, such an audit may be unscheduled.
