The certification underlines Custodian’s commitment to preserving the confidentiality, integrity, and availability of all the physical and electronic information assets managed by the business. The Custodian Security Management System and processes covered by the ISO 27001 certification are based on a detailed risk management analysis of the company’s entire data centre network.
ISO 27001 is one of the most rigorous international standards for system and physical security processes and effectively replaces BS7799-2, the original British Standards Institute standard. The audit and certification process focuses on every aspect of the business, including physical infrastructure, site security and access management, personnel capabilities, communications and operations, legal compliance criteria, and back-up and disaster recovery systems.
Custodian DataCentre is a leading independent provider of colocation, managed data centre, hosting and connectivity services in the UK. Custodian DataCentre specialises in the design, build, and management of business-critical hosting & environmentally sensitive locations, helping companies reduce the cost, complexity and security risks associated with maintaining mission-critical and online environments. Custodian DataCentre services are underpinned by a resilient infrastructure, which includes multiple high-tech data centre Points-Of-Presence across the UK.
Objectives
Custodian’s objective for managing information security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In deploying the Custodian DataCentre Information Security Management System (ISMS), the Management Team aim to maintain existing known risks at their current low level and ensure that new and changing risks are managed in an equally consistent and professional manner.
Purpose
The purpose of this Policy is to protect both Custodian DataCentre and its Customers’ Assets from all threats, whether internal or external, deliberate or accidental. Protection of information is set out in terms of:
In particular Custodian DataCentre will:
All managers are directly responsible for implementing the Security Policy within their business areas, and for adherence by their staff. It is the responsibility of each member of staff to adhere to the Security Policy. Failure to do so may result in disciplinary action. The full policy comprises a series of policies, which include the following. Personnel are required to sign for these policies to confirm their acceptance of them. These are displayed where relevant and are within the policy booklet:-
“We did not use a consultancy to achieve ISO27001 (which can be a templated box ticking exercise) but our own people. This allowed us to involve everyone & to make the ethos of ISO27001 central to the operation of our organisation.”