Certified Quality

Since 2010, ST Idea has adopted the certification and can therefore be formally audited and certified compliant with the standard.

The standard contains 11 domains (apart from the introductory sections), and ST Idea is fully committed to them:

  1. Security policy - management direction.
  2. Organization of information security - governance of information security.
  3. Asset management - inventory and classification of information assets.
  4. Human resources security - security aspects for employees joining, moving and leaving an organization.
  5. Physical and environmental security - protection of the computer facilities.
  6. Communications and operations management - management of technical security controls in systems and networks.
  7. Access control - restriction of access rights to networks, systems, applications, functions and data.
  8. Information systems acquisition, development and maintenance - building security into applications.
  9. Information security incident management - anticipating and responding appropriately to information security breaches.
  10. Business continuity management - protecting, maintaining and recovering business-critical processes and systems.
  11. Compliance - ensuring conformance with information security policies, standards, laws and regulations.