Take-up continues of ISO certification

OMAN Refinery Company (ORC) has become the latest organisation in the region to be certified with the ISO27001 security standard in a bid to better protect information held on its IT systems.

Security services provider Paladion Networks, which enabled ORC to become ISO27001 compliant in partnership with Khimji Ramdas Computer & Communication Systems (KRCCS), claimed the Omani firm is the first oil refinery in the world to achieve the standard which is designed to secure data held on IT systems.

As reported last month (See IT Weekly 14 - 20 October 2006), an increasing number of companies in the region have adopted the standard, including Dubai Aluminium Company (Dubal), Saudi Binladin Group and Mobile Telecommunications Company (MTC) in Bahrain.

ISO 27001 requires companies to meet standards in a number of categories, which fall into three broad areas — confidentiality, integrity and availability.

It replaced the BS7799 this year as the only certifiable security governance standard and allows companies to comply with regulations such as the US’s Sarbanes Oxley laws and the UK’s Data Protection Act.

Amour Nasser Al-Muharzy, manager of corporate information and communication for ORC, said: “Compliance to the ISO 27001:2005 standard has ensured that applicable security controls have been implemented to counter various threats to the critical information of ORC and has improved the preparedness of the staff towards handling any security incidents.”

In order to prepare ORC to be certified, Paladion and KRCCS carried out a risk assessment of the firm’s security policies, then implemented an information security management system (ISMS) that would comply with the ISO27001 standards. According to Rohit Kumar, Middle East business head for Paladion Networks, the risk assessment did reveal some areas of vulnerability in ORC’s existing information systems.

“There were some weaknesses that were found and there were controls which could have been more effective. Risks were discovered across various areas and a number of risks were reported,” revealed Kumar.

“The risks were discovered across the areas of business processes, in the IT controls, in the applications, on the system side,” he said, adding that it was important for ORC to ensure that sensitive data held on its IT systems is protected.
