- Routinely scrutinizes information security risks, anticipating any threats or vulnerabilities that could impact customers.
- After identifying risks, Lifeline uses a comprehensive suite of information security controls to counter those risks.
- Lifeline adopts a management process to ensure information security controls continue to improve on an ongoing basis.
ISO/IEC 27017:2015, an add-on to the 114 controls that make up the ISO 27001 certification, provides further evidence for highly precise security controls specific to cloud services.
In layman’s terms, independent auditors have conducted a cavity search of Lifeline’s cloud services and processes, and certified that our strong security controls also apply to the customer-facing cloud.
But it gets better:
The ISO 27001 certification is a three-year commitment, meaning assessors are required to return over the next two years to verify Lifeline continues to improve and outperform our quality baseline metrics.
How our ISO/IEC 27000 certifications benefit your organization
For Lifeline customers, our ISO 27001 certification means your data is secured at a level of sophistication that’s exceedingly rare among data center providers, and on par with tech giants like Google and Amazon.
In fact, no other provider offers this level of security in central Indiana.
What is the ISO/IEC 27000 family of standards?
The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS). There are more than a dozen standards in the 27000 family.
What is the ISO/IEC 27001:2013 Standard?
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
What is the ISO/IEC 27017:2015 Standard?
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services. This International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
ISO 27001 Scope
The Information Security Management System scope includes all systems, networks and interconnections involved with Lifeline Data Centers Corporate general support systems (GSS) and Lifeline Federal Hosted Services systems (LFHS).
LFHS offers IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) systems that at any time potentially host and protect:
- U.S. Government CUI (Controlled Unclassified Information)
- Lifeline corporate and operational information
- Information covered under PCI DSS protection requirements
- Information covered under HIPAA protection requirements, for which Lifeline must commit to HIPAA BA (Business Associate) agreements with the customer