PGESCo, Power Generation Engineering and Services Company, has received the ISO 27001:2013 (ISO 27001) certification.
ISO 27001 is the most widely recognized standard for information security management and ensures that governance, risk and compliance practices conform to the standard. By achieving this certificate, PGESCo has demonstrated its commitment to information security management and its strength to core business strategic directions. This will help PGESCo continuously improve its services to go beyond customers’ expectations and show PGESCo's commitment to implementing information security management system requirements throughout the company.
“Security, privacy and compliance are key concerns for today’s markets. As a part of our technology strategy, we continually implement and adhere to information security best practices and processes to protect our customers and employees. This ISO certification validates our ongoing commitment to create and sustain a secure foundation for technology innovations.”
As PGESCo's Service Delivery platform has grown to serve Egypt and the MENA region, the company has taken a proactive approach to maintaining the security of its applications, its own proprietary data and customer data.
“The security of our customers’ data is an integral part of our business; our approach has always been to actively earn the trust of our employees and clients, where we found the certification process for ISO 27001 a great opportunity to further involve all employees in maintaining and applying security measures.”
The journey of obtaining this certificate started by initiating a Security Management team whose main scope was to cover all PGESCo information assets. The next step was conducting a gap analysis and risk assessment engagement to determine the areas where the possibility of threat could endanger the confidentiality, integrity and availability of information. The analysis included physical sites and buildings, business processes, information technology infrastructure, resources and assets (tangible and intangible), as well as people within PGESCo and those who affect its business.
PGESCo's Information Security team started working on developing all the policies and procedures needed to govern ISO 27001 and started an intensive training and awareness program for all organization staff to raise awareness of the importance of information security for our business. This program lasted for 18 months.
The last phase was passing the certification process, which included two stages. These two stages lasted for 6 full days of auditing and confirmed that PGESCo's management system meets all ISO 27001 requirements.
The ISO 27001 security standard helps organizations initiate and maintain an information security management system (ISMS), a suite of activities for managing information security risks. The ISMS is a management framework that includes policies, procedures, processes, and roles that organizations use to manage and control information security risks, confidentiality and data integrity.