CHANTILLY, Va., Sept. 1, 2016 – NMR Consulting is proud to announce its achievement of the ISO/IEC 27001:2013 certification, the best-known standard in the ISO 27000 family of standards. This accomplishment demonstrates NMR’s commitment to protecting client, partner, and employee data through the implementation and management of a robust set of security practices.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
“This credential represents our commitment to excellence in managing and implementing strong information security practices as a company,” said NMR Chief Information Technology Officer Robert Johnson. “It will give our clients additional confidence in NMR’s ability to support them in the protection and security of their information systems.”
NMR’s methodology incorporates a risk-based approach and framework to identify, assess, manage, and mitigate information security risks within its environment. NMR’s ISMS was audited by an accredited independent party and was judged to be in compliance with the 130+ requirements incorporated within the rigorous ISO standard.
“NMR is on a course for continual improvement in our information security management processes, tools, and techniques,” said Johnson. The ISO accreditation approach incorporates continual improvement along with annual audits to ensure compliance is maintained and additional improvements are identified and implemented. “This will help our company to continually adapt to the always changing cyber security environment of our modern digital age.”
About the ISO 27000 Standards
The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards helps organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.