Your data. Our integrity.
They say the problem with integrity is you only lose it once. That can be true of many things. As our clients become increasingly dependent on their operational data, it’s important they know that their data is safe and secure. At 90POE, we understand this. We understand clients’ trust in our platform and how we look after their data is imperative.
That’s why we are proud to announce we have been certified ISO 27001 for our Information Security Management Standards.
As a pioneering maritime software provider, we are using the latest in technology to deliver a data-driven platform to our clients, helping their decision-making process on a daily basis. The data and information which flow through our OpenOcean STUDIO® belong to our clients. It’s personal, it’s commercial, it’s operational, it’s theirs. That’s why it’s critical our clients have absolute confidence in not only what we build but in how we build and maintain our technology, so they can sleep soundly knowing their data is safe and secure with 90POE.
Our integrity depends on it.
That’s why we’re committed to protecting not only our own data but also our clients’. We believe that having the highest standards of information security for ourselves and our clients sets us apart from the competition. It’s important for us to not only validate how we operate against a recognised international standard but to go beyond this so that we are certified practitioners and not just compliant.
The ISO 27001 certification provides a framework and checklist of controls that allow us to maintain a comprehensive and continually improving model for information security management. A yearly cycle of internally auditing our processes helps us to stay on top of our information security.
ISO’s international reputation as the gold seal of approval when it comes to best practice means ISO 27001 is the perfect standard against which to measure ourselves. It’s also a great opportunity to build on our accredited ISO-9001 award for quality management system and certification.
What is ISO 27001?
ISO 27001 is an accreditation awarded by the International Organization for Standardization (ISO), which contains a set of high-level standards for handling information securely. This set of standards helps organisations keep their information assets secure.
The cornerstone of ISO 27001 is the assessment and management of security risk. To achieve this certification, a company must design and implement an Information Security Management System (ISMS) containing safeguards to ensure the confidentiality, integrity, and availability of every solution they deliver. ISO 27001 provides requirements for the ISMS, outlines a set of best practices, and details the 114 security controls to ensure the management of information security risks.
Our ISMS doesn’t only address how our technology and platform handle information, but also how our people and processes handle information securely. Three key aspects of information handling are crucial to complying with ISO 27001:
· Confidentiality – Information is only disclosed to authorised parties and only when appropriate
· Integrity – Information stored and used is accurate
· Availability – Information is available and accessible when it’s needed to help deliver our services
ISO 27001 has 114 controls in 14 groups and 35 control categories ensuring that all the risks associated with information and data covering people, processes, suppliers, vendors, and technology are continuously considered, reviewed, and, where possible, mitigated.
What does this mean for our clients?
This certification to the ISO standard demonstrates that we have the appropriate training, people, and technology to protect clients’ valuable information and data. Our clients can have total confidence in our processes and data management. We consider every aspect of protecting their information and data in our guardianship, so they don’t have to.
How did we achieve it?
We started the project to achieve this accreditation by conducting a thorough internal audit of all our policies and processes. This audit focused on how we handle, process, and secure valuable information to ensure we protect our clients and ourselves. An independent UKAS (UK Accreditation Service) certification body then completed an in-depth audit and awarded us the certification.
This audit demonstrated that our ISMS meets the requirements of the ISO 27001 international standard.
Our ISMS includes many controls, some (not all) highlighted below:
· Legal controls such as non-disclosure agreements and registrations with appropriate security bodies.
· Organisational controls such as our company-wide policies on Access control, Acceptable use, Asset management, Remote working, Cryptography, Information classification, Malware and Vulnerability, and Supplier relationships.
· Physical and Network controls, including scheduled external penetration testing of our entire infrastructure and platform.
· Technical controls such as antivirus software, Data backup and recovery, Secure systems and development, and Data in transit.
· Human Resource controls, including staff vetting, ongoing training and clearly defined role-based permissions.
· Operational controls such as Security incident and problem management.
In achieving this certification, we remain process-driven and solution-focused. We use this to great effect in our product management, development, and strategic workflows. Now this enables us to deliver consistent, reliable, and meaningful results for our clients.
How will we ensure we keep meeting the standard?
Getting to a place where we achieved certification is a great achievement. But this is only the start. We are now in the cycle of completing continuous internal (and annual external) audits to ensure we keep meeting the high standards that the ISO 27001 accreditation demands. These internal audits mean we can continually maintain and improve our ISMS to provide the level of assurance we expect for our clients.
90POE is a pioneering company in the field of digital intelligence for maritime. Whether our clients are just beginning to explore the possibilities or already have mature systems and processes in place, our OpenOcean STUDIO® platform helps them make the most of digital technology.
We enable clients to make better decisions by enriching their maritime expertise with digital intelligence. We harness technology to better understand, respond to and interact with data, trends, and events impacting our clients’ operations today and enabling them to plan for tomorrow. Information is a currency; with the right evaluation, exchange and applied client expertise, it creates value. This approach leads to improved processes across teams, more fuel-efficient voyages, lower operational costs, and safer, more compliant operations.
We help our clients establish what they have and what is key. We enhance their existing systems with our fleet, vessel, voyage, crew, and maintenance modules. We elevate their information, to focus on the most important decisions and interventions. Collectively, this enables our clients to evolve their decision-making to meet their ever-changing challenges and needs, from the bridge to the bottom line and beyond.