PRWire: New York, NY, April 09, 2022 – Ariel Partners, a leading IT firm offering Software Development, Consulting, Coaching, and Training, announced today that its Information Security Management System has achieved certification for compliance with ISO/IEC 27001:2013 standards. The certification applies across the full range of Ariel’s current service offerings, including the provisioning of IT solutions, training, coaching, and program management.
ISO/IEC 27001 is an international standard for to managing information security. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), aiming to help an organization make the information assets they hold more secure.
“We have all seen stories of high-profile cyber intrusions, data leaks, and ransomware. Thankfully, Ariel adopted a cloud-native posture since day one, using Software-as-a-Service rather than installing servers and information assets on-premises,” said Craeg Strong, Ariel’s CTO. “Nevertheless, establishing an Information Security Management System was important to us. Given the ongoing delays with the Cybersecurity Maturity Model Certification [the cybersecurity assessment framework established by the US Department of Defense], we knew we needed to start with ISO 27K. This certification is a tangible sign to our customers that we take cybersecurity very seriously.”
The ISO 27K framework contains three critical requirements:
1) The organization must systematically and wholistically examine the organization’s security risks, taking account of threats, vulnerabilities, and impacts.
2) The organization must design and implement a comprehensive suite of information security controls and risk management strategies, and
3) The organization must adopt an overarching management process to ensure that information security controls continue to meet security needs on an ongoing basis.
These elements profoundly impact all aspects of how an organization conducts business. For example, before adopting a new technology (e.g., augmented reality), Ariel will conduct “red team” and “premortem” sessions to analyze all possible attack vectors and to quantify the worst-case impact for each of them, were it to be successful. By performing these steps upfront, Ariel can continue to innovate at a high rate of speed while maintaining strict security levels.
“We are proud to have achieved ISO 27K, which represents the next major milestone on our journey of relentless improvement and utmost commitment to quality and security,” said Craeg Strong, Ariel CTO. “The ISO 27001 certification now takes its place alongside our CMMI level 3 DEV & SVC assessments and our ISO 9001 and 20000 certifications. ISO 27000 is particularly relevant for Ariel since we maintain a Top-Secret facilities clearance (FCL). We will continue our security journey with CMMC, and we plan to be one of the first CMMC-certified organizations out of the gate when the assessments become available.”
The ISO standards equip organizations with an approach to continuous business process improvement that considers a wide range of practices for establishing mature and effective processes.
Click here for PDF press release
For more information, please visit arielpartners.com
About Ariel Partners
Ariel Partners is a woman-owned small business located in NYC, providing cloud-native development, Agile and HCD training, Agile governance, and legacy migration via DevSecOps. Ariel provides services to commercial organizations, NYC mayoral agencies, and Federal agencies. Ariel’s customers include HBO, Fannie Mae, NYC Dept of Social Services, the FBI, the Social Security Administration, the Air Force, Department of Labor, and the EPA. Ariel Partners is appraised at maturity level 3 by CMMI for Development and Services and is ISO 9001:2015, ISO/IEC 20000-1:2018, and ISO/IEC 27001:2013 certified. Ariel is an Atlassian Silver Partner, a SAFe Silver Transformation Partner, and a certified ICAgile and Kanban University training facility. Ariel Partners was founded in 2000 by technology experts who continue to be deeply involved in the local NYC IT Community and open-source projects, user groups, and worldwide technology conferences.