New York, NY, April 09, 2022 – Ariel Partners, a leading IT firm offering Software Development, Consulting, Coaching, and Training, announced today that its Information Security Management System has achieved certification for compliance with ISO/IEC 27001:2013 standards. The certification applies across the full range of Ariel’s current service offerings, including the provisioning of IT solutions, training, coaching, and program management.
ISO/IEC 27001 is an international standard for managing information security. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), aiming to help an organization make the information assets it holds more secure.
“We have all seen stories of high-profile cyber intrusions, data leaks, and ransomware. Thankfully, Ariel adopted a cloud-native posture since day one, using Software-as-a-Service rather than installing servers and information assets on-premises,” said Craeg Strong, Ariel’s CTO. “Nevertheless, establishing an Information Security Management System was important to us. Given the ongoing delays with the Cybersecurity Maturity Model Certification [the cybersecurity assessment framework established by the US Department of Defense], we knew we needed to start with ISO 27K. This certification is a tangible sign to our customers that we take cybersecurity very seriously.”
The ISO 27K framework contains three critical requirements:
- The organization must systematically and holistically examine its security risks, taking account of threats, vulnerabilities, and impacts.
- The organization must design and implement a comprehensive suite of information security controls and risk management strategies, and
- The organization must adopt an overarching management process to ensure that information security controls continue to meet security needs on an ongoing basis.
These elements profoundly impact all aspects of how an organization conducts business. For example, before adopting a new technology (e.g., augmented reality), Ariel will conduct “red team” and “premortem” sessions to analyze all possible attack vectors and to quantify the worst-case impact of each, were that attack to succeed. By performing these steps upfront, Ariel can continue to innovate at a high rate of speed while maintaining strict security levels.
“We are proud to have achieved ISO 27K, which represents the next major milestone on our journey of relentless improvement and utmost commitment to quality and security,” said Craeg Strong, Ariel CTO. “The ISO 27001 certification now takes its place alongside our CMMI level 3 DEV & SVC assessments and our ISO 9001 and 20000 certifications. ISO 27000 is particularly relevant for Ariel since we maintain a Top-Secret facilities clearance (FCL). We will continue our security journey with CMMC, and we plan to be one of the first CMMC-certified organizations out of the gate when the assessments become available.”
The ISO standards equip organizations with an approach to continuous business process improvement that considers a wide range of practices for establishing mature and effective processes.