The Impact Of Google’s ISO 27001 On Business
Google has recently acquired an ISO 27001 security certification. This certification is provided by an independent body to companies that pass various security requirements. For a company to obtain the ISO 27001 certification, it must agree to be examined by an internationally recognized, independent body for information security risks. The body will check the company for threats, impacts, or vulnerabilities. Aside from examining information security risks, the body will also examine the company for information security controls. Such controls must be in place, together with fully functioning risk management measures. The methods are used to fight off any unacceptable risks. Another area which the certifying body will examine is the company’s management system. It will have to be assured that a system is in place in order to meet any information security requirements in the future.
Ernst & Young CertifyPoint audited Google for the purposes of ISO 27001 certification. An informal review was conducted in order to assess security risks and controls aside from the full in-depth audit. After the audit, various follow-up reviews were also made to assure that Google is implementing information security practices. On May 28 this year, Google Apps for Business was ISO 27001 certified. With the certification, businesses can now put their security concerns on Google Apps to rest, because it proves that Google has placed top priority on resolving information security issues.
With SSAE 16/ISAE 3402 audits as well as the FISMA certification for Google Apps for Government, Google can now brush off critics, for it is able to assure the public that it is highly committed to maintaining a high standard of security as well as its continuous evolution of security practices. Google is continuously undergoing other third-party audits to further stress this commitment.
Because Google is now certified, a business owner is now assured that their business data is safe and secure with Google Apps. Google has a commitment to keeping a customer’s data intact and safe from outside threats. Businesses can now trust Google to protect their data. The audit lasted for six months and the certification covers its technology, datacenters, processes, and systems used for cloud computing service applications. With the certification, Google is optimistic that it can draw large financial institutions as well as the public sector into using its services such as Gmail, Docs, and others.
Google took pains in obtaining ISO 27001 and SSAE 16/ISAE 3402 for its Google Apps in order to prove that their applications have the necessary security controls. While other providers obtain certification for their infrastructure and datacenters, Google took another step forward and had its personnel, code processes, and software certified. Although the certification is issued for Google Apps for Business only, Google claims that users of the standard free edition of the cloud suite and Gmail are also benefitted, because the core technology layer overlaps. However, Adam Swidler, Google Apps for Business senior manager, agrees that there is really no perfect security guarantee. But for Google Apps for Business, the security controls are industry specified and the public is free to check on such controls.
By Florence de Borja