INTIQ, PECB, and PECB MS Meet Information Security Demand Through ISO/IEC 27001

We do business in an increasingly complex world of bytes, account numbers, and passwords. Nearly everything in our lives is now stored on a cloud.

But our reliance on technology has come at a cost, making us more vulnerable to cyberattacks. The Center for Strategic and International Studies (CSIS) in Washington, D.C. reported at least 85 “significant cyber incidents” around the world between January 2021 and the end of July 2021. These include cyberattacks on government agencies, defense, and high-tech companies as well as economic crimes with losses estimated at more than $1 million.

In July, the Japan 2020 Olympics suffered a breach of usernames, passwords, addresses, and bank account numbers involving volunteers and ticket holders, according to CSIS.

Cyberattacks have become a global threat to all organizations, no matter the size, type of business, or client base. If you use a computer, mobile phone, tablet, or any type of automated equipment or vehicle in your business, you are a potential target.

Our story

As president of INTIQ Solutions, it is a privilege to be able to share our story with you. We are a Subcontractor Key Location, an authorized partner of PECB Management Systems (PECB MS), as well as a Platinum Partner of PECB Group, offering a full breadth of certification services around globally recognized business standards. These include ISO/IEC 27001 (Information Security Management Systems — ISMS), ISO/IEC 27701 (Privacy Management Systems — PMS), and ISO 22301 (Business Continuity Management Systems — BCMS). In addition, INTIQ is working with Cybersecurity Maturity Model Certification (CMMC) and has been approved as a Candidate C3PAO — CMMC Third-Party Assessor Organization.

INTIQ Solutions was established in 2013 with a vision of adding value to management systems certification. Three years later, INTIQ partnered with PECB MS to offer accredited certification through independent audits and periodic surveillance visits. INTIQ is responsible for sales, customer care, and facilitating client audits with PECB Auditors, while PECB MS is responsible for the overall certification process including the certification decision.

In recent years, a growing number of organizations in the United States and in countries around the world have turned to ISO/IEC 27001, an internationally agreed-upon management system standard on information security management, as a framework for protecting sensitive data. This standard has become one of our most sought-after certifications, particularly among law firms, government agencies, and health care organizations.

This standard requires organizations to document key processes and regularly review the information security system for continued effectiveness through a combination of management reviews and regular internal audits. The system must incorporate corrective and preventive actions as well as risk assessments to ensure its continued relevance.

Essentially, ISO/IEC 27001 requires organizations to have a robust information security system in place with key controls to protect sensitive data. Organizations are less likely to fall victim to cyberattacks when they have considered their vulnerabilities and taken steps to guard against intrusions.

Because the system is based on international consensus standards, it is repeatable across multiple sites and even the organization’s entire supply chain if desired.

Together with PECB MS, we at INTIQ have channeled our energy into high-value services for our clients. PECB MS maintains a pool of approved auditors around the world that allows us to service international clients with multiple locations. INTIQ provides the necessary support for PECB MS Auditors who work with our clients. We in turn work with PECB MS to find ways to improve our processes and incorporate best practices wherever possible.

COVID-19 challenge

The unprecedented COVID-19 pandemic created unique challenges for PECB MS Auditors and clients. INTIQ worked with PECB MS to develop procedures that ensured the health and safety of auditors and clients by minimizing the risk of exposure to COVID-19 while still maintaining compliance with certification requirements.

A PECB MS policy permitting remote audits was approved by the organization’s accreditation body once accreditors were satisfied that the annual certification process and audit requirements would still be fulfilled. Considering that the majority of ISO/IEC 27001 clients already stored their documentation in the cloud, it was a relatively straightforward process to obtain access to the necessary audit documents via remote access. INTIQ and PECB MS remained committed to staying true to ISO/IEC 17021-1 as well as International Accreditation Forum (IAF) mandates.

INTIQ also had to make changes to the delivery of public training courses and certification programs, which we offer in partnership with PECB Group. Programs were presented entirely online with self-study components that allowed us to continue operations during the pandemic.

Standards journey

My journey into the world of management systems began with the ISO 9000 family of quality management system standards, which were first published in 1987. I was introduced to ISO 9001 a few years later through a friend who was assisting Exxon with its implementation. I was working at United Cerebral Palsy on multiple programs for people with disabilities at the time.

After reading through ISO 9001, I began to see ways in which I could apply the standard to my programs at United Cerebral Palsy. The results were impressive, so much so that I began to assist other organizations with implementations primarily throughout Latin America. I quickly gained experience as an internal auditor though I found it challenging at the time to implement English requirements in companies that mainly operated in Spanish. Little did I know that I would play a role in addressing this issue later in my career.

Early adopters primarily wanted to ensure that they could meet customer requests for certification. In Latin America, certification was viewed as an opportunity to penetrate into American and European markets. ISO 9001 was seen as a tool to transcend entry barriers into new marketplaces while promoting confidence and creating a common language by which companies could communicate with other certified organizations.

It was interesting to see how ISO 9001 became a stepping-stone to industry-specific standards like ISO/TS 16949 for the automotive industry and AS9100 for aerospace companies. The use of industry-specific variations based on ISO 9001 subsequently fueled the global certification movement and led to an expansion of related standards like ISO 14001 for environmental management and ISO/IEC 27001.

My formal participation in the development of standards began shortly after the 9/11 attacks when I attended my first meeting of the U.S. Technical Advisory Group to International Organization for Standardization Technical Committee 176 (ISO/TC 176). The committee is charged with maintaining the ISO 9000 family of standards, including ISO 9001. The meeting was planned to be held in Crystal City, Virginia, steps away from the Pentagon, but was relocated. Only a small number of U.S. delegates were present at the meeting compared to other meetings that I would attend over the years. It was there that I was invited to represent the U.S. delegation on the international committee that would perform the first Spanish translations of key standards from ISO’s two official languages, English and French.

This role required more than translation skills because it proved to be another opportunity for delegates to renegotiate critical requirements. The translation committee had to agree on the intent of each clause and understand how they should be applied in a real-world setting to reach a consensus on the most appropriate translations. To understand the nuances of the standards, I found it beneficial to attend the working groups in which the standards and their subsequent revisions were drafted. This allowed me to better participate in the international debate that contributed to the wording of each translation.

Some 20 Spanish-speaking countries were represented on the translation committee, including Mexico, Spain, and Argentina. Each had a different way of interpreting the requirements. We had to achieve consensus to carry out our translations and we worked through many obstacles. The biggest challenge was thinking through the intent of the standards, understanding concepts, and finding appropriate wording that would be understood in all Spanish-speaking countries.

In a very real sense, we helped decide the way the standards would be applied in Spanish-speaking countries. Our consensus laid the foundation for thousands of third-party certifications to ISO 9001 and subsequently to other key management system standards like ISO/IEC 27001, ISO 14001, and ISO 26000 on social responsibility.

The international debate varied by how participating countries planned to use the various standards. European countries saw them as a replacement for regulatory requirements. As such, they wanted them to be as prescriptive as possible while countries like the United States wanted them to be much less prescriptive.

Based on my work at the national and international levels, I went on to establish the then American Welding Society’s accreditation program for management system standards, which included ISO 9001 and ISO 14001. This led to my participation in the International Accreditation Forum (IAF), which governs the conduct of management system accreditation bodies around the world.

My participation in these groups helped me understand the importance of standards as well as the positive effects they have had on international trade.

They created a culture of doing things correctly, being ethical, and choosing not to cut corners. This contributed to improvements in the way we make our products, the way we monitor our environmental footprint, the way we protect our food supply, and most recently, the way we protect client data. I went on to work with several large, third-party certification bodies, including BSI America and Intertek.

Business relationships are key to successful growth

Partnerships thrive when built on a foundation of trust. Our success with PECB is a shared journey to create a future for both parties, and the combined skills set a recipe for guaranteed success. Together, we are expanding our expertise and services and are continuously creating value through education and certification services around the world. INTIQ has strategically partnered with PECB to offer training courses that will provide interested individuals with the tools that they need to advance in their careers.

Developing great business relationships with PECB is an important element that we see as a catalyst to the overall success of our organization because no business can succeed without developing healthy relationships.

Last words

The lessons I have learned through my experiences have helped shape my desire to continually look for ways to add more value for my clients. Through our partnership with PECB MS, INTIQ strives to deliver excellent customer service and help clients exceed the minimum requirements of certification. Many of our new clients have contributed to the growing demand for ISO/IEC 27001 certification on information security, ISO/IEC 27701 certification on privacy, and ISO 22301 certification on business continuity.

Our world may have become smaller thanks to technology, but it has also become more challenging. Technology has changed the way we live and the way we see the world. We understand the inevitability of change as we race to keep pace with it. In many respects, management system standards allow organizations around the world to identify best practices that will help overcome the many challenges we face in today’s business world.
