
Websense ISO 27001 certification

What is ISO 27001 certification?


ISO/IEC 27001 is a security certification standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Developed to provide a model for establishing, implementing, operating, monitoring, and maintaining an information security management system, it is widely recognized as the highest security standard in the industry for examining the efficacy of an organization's overall security posture.

How does ISO 27001 certification compare to SSAE 16, formerly SAS 70?


ISO 27001 is the only certifiable security governance standard. The Statement on Standards for Attestation Engagements No. 16, known as SSAE 16, is a replacement for SAS 70, the previous standard for Reporting on Controls at a Service Organization in the U.S. Like SAS 70, SSAE is not a security standard and it does not provide any assurance of a corporation's information security standards. Unlike ISO 27001, SSAE does not serve as proof of security, continuity or privacy compliance standards. Its sole purpose is to keep pace with the growing push towards more globally accepted international accounting standards. Simply put, SSAE is a guideline for the preparation, procedure and format of an auditing report and is not intended to be used as a certification or validation of best practices for IT security controls.

ISO 27001 is a true certification that provides confidence to management, business partners, customers, and auditors that the organization is serious about information security management. It is frequently used to assure customers that an organization's people, processes and facilities follow the most stringent guidelines for securing an organization's sensitive data. More importantly, ISO 27001 is recognized as an information security standard amongst security professionals, whereas SSAE and its predecessor, SAS 70, are not recognized at this level.

Which Websense services are ISO 27001 certified?


Websense Cloud Web Security and Websense Cloud Email Security are ISO 27001 certified and have been for more than six years. Websense is externally audited every six months to maintain its active certification.

What value does ISO 27001 certification deliver?


Demonstrates security competence

ISO 27001 provides organizations with a guidebook to help formulate security requirements to improve security and operations and ensure that specific security objectives are met. Specifically, it requires organizations to be competent in four security management areas including: asset identification and valuation, risk assessment and acceptance criteria, management and acceptance of these items, and the continual improvement of an organization's overall security program.

Helps meet regulatory and compliance requirements

ISO 27001 can be helpful in defining information security management processes and controls to meet U.S. legislative requirements, including Sarbanes-Oxley Act of 2002, Section 404, HIPAA requirements as they pertain to the security rule, Gramm-Leach-Bliley Act of 1999, state privacy laws, and even some international legislative requirements.

Provides customer assurance

ISO 27001 provides independent evidence that industry best practices are being followed as part of a corporate governance program. This certification offers peace of mind to corporations looking to demonstrate good faith to customers, shareholders and prospective partners that they have successfully implemented a strong information security management system. For many heavily regulated industries like finance or online service providers, vendor selection may be limited to those organizations that have achieved ISO 27001 certification.

Mobile, social, and cloud technologies drive productivity. But they also open the door to data theft and advanced attacks that can slip right by antivirus and firewall defenses. Websense TRITON solutions keep you a step ahead with best-of-breed web, email, and DLP security (available together or separately). Shared analytics, flexible deployment options, and a unified management console make TRITON the must-have solution for today's dynamic environments.

Learn more at www.websense.com | +1 800-723-1166 | info@websense.com


© 2012 Websense, Inc. All rights reserved. Websense is a registered trademark of Websense, Inc., in the United States and certain international markets. Websense has numerous other registered and unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners. 2.15.12