UAB Juodeliai implements Information Security Management System

Any organisation, regardless of business sector or activity, has certain information at its disposal. Through proper identification and classification of this asset and a systematic assessment of risk and threats, a company can select appropriate controls to manage those risks. One possible solution chosen by the wood-processing company UAB Juodeliai is the implementation and certification of an Information Security Management System (ISMS).

ISO 27001 is an international standard which lays down the requirements for an Information Security Management System in order to enable an organisation to assess its risk and implement adequate controls to protect the confidentiality, integrity and availability of information. The primary function of this system is to protect the information of an organisation from falling into “bad hands” or from its irretrievable loss. ISO 27001 covers all aspects of information exchange: from computer data to conversations in public areas, including securing physical perimeters and initial personnel screenings.

The ISO 27001 audit of UAB Juodeliai was conducted in September and October in several stages. Audit was also carried out by the certification agency Bureau Veritas. To prepare for the certification, the company had to go a long way: the corrective action plan was put in place; external vulnerability testing was performed; social engineering vulnerability was assessed; the staff was trained in order to raise awareness in information security; access control was introduced, and the compliance with the General Data Protection Regulation was evaluated. VORAS Consulting, the consulting company offering consultancy services in information security and risk management, IT service management and information technology optimisation, provided consultancy services throughout the whole preparatory process.

Notwithstanding the fact that ISO 27001 is more popular among IT firms, the example of UAB Juodeliai shows that manufacturing sector companies also consider personal data and information protection one of the priority issues requiring special attention. With the Information Security Management System already in place since the end of October, UAB Juodeliai has an opportunity to develop and implement the information security policy covering all ways and aspects of communication and data protection. We are convinced that ISO 27001 will help us to assure our business continuity under almost all circumstances and also protect the confidentiality of information received from our clients, suppliers, and partners.