The Postal Technology Centre (PTC) obtained ISO 27001 certification for its cloud platform in November 2019.
The Universal Postal Union (UPU) is a future-focused organization, and for its PTC, it is of the utmost importance to ensure that the organization’s cloud environment functions smoothly and continuously.
To this end, the PTC has put into place an effective information security management system (ISMS) based on the international reference standard ISO/IEC 27001. ISO 27001 certification defines in particular a methodology for identifying cyber threats, managing and controlling the risks associated with the information systems, and putting into place appropriate measures to ensure the confidentiality, availability and integrity thereof.
• ENSURE THE SECURITY OF DATA
One of the PTC’s missions is to ensure the security of data, particularly personal data, which is why it has become so important to provide the users of PTC products and services and Telematics Cooperative members with guarantees in that connection. To achieve this, the PTC has, inter alia, opted for a certification-based approach. One such certification is for the international standard ISO 27001, or, to give it its full title, «Information technology — Security techniques — Information security management systems — Requirements», which has a risk-based approach to security.
• BE AWARE OF THE RISKS
By obtaining ISO 27001 certification, the PTC is showing that it is aware of, and seeking to protect itself from, the risks associated with the sensitive data used in its applications.
• PROVIDE BEST PRACTICES
In addition to physical and IT protection from hacking and other incidents, ISO 27001 provides conceptual best practices that supplement these technical measures. The global scope of ISO 27001, from both a technical and an organizational standpoint, is defined by the ISMS, which is applicable to the information systems, processes and individuals concerned by the protection measures. The ISMS was defined in accordance with the PTC’s needs, and on the basis of a risk analysis focusing on sensitive data.
ISO 27001 certification makes it possible to certify – through the independent certification body PECB (Professional Evaluation and Certification Board) – that the PTC is able to provide applications in a cloud environment in accordance with legal, regulatory and user requirements.
Furthermore, ISO 27001 certification allows the PTC to showcase its 25 years of know-how and expertise in the digitalization of the postal world.
Putting into place this standard has allowed PTC staff skills to be harnessed, capitalized on and developed.
Most importantly, ISO 27001 certification has enabled increased trust in the PTC’s products and services by identifying the threats to its information system and improving its information system security practices.
This certification offers a common reference, ISO 27001 being a globally recognized certification, which is increasingly part of the specifications when customers subscribe to IT services. It is therefore a logical and necessary step for the PTC.