STG Group Inc. (STGG) announced July 19 that the company has been awarded an ISO/IEC 27001:2013 Management System certificate for STG’s Integrated Managed Operations, Solutions, and Intelligent Collaboration (MOSaIC) and Information Security and Service Management Systems (ISSMS). The certificate applies to the management and control of the provision of Information Security (IS), Infrastructure and Operations, and IT Services to Global Enterprise business activities.
“STG reached a new benchmark by achieving the ISO 27001 certification and its full integration with our existing ISO certificates,” STG President Paul Fernandes said. “Continuously strengthening our security program with robust security controls, quality processes, and risk management demonstrates our commitment to STG’s and our customer’s mission-critical operations and protecting the integrity of the systems we support.”
The International Standards Organization (ISO) 27001:2013 is a process-based standard which mandates specific management steps that must be in place to control risks to information systems. Certification recognizes organizations that can link business objectives with operating effectiveness. Companies that achieve management system certification to ISO/IEC 27001:2013 have demonstrated effective implementation of documentation and records management, top management’s commitment to their customers, establishment of clear policy, good planning and implementation, good resource security and management, and efficient process control, measurement and analysis.
STG satisfied all requirements for certification of an integrated management system (IMS) with ISO 9001:2015, ISO/IEC 20000-1:2011, and ISO/IEC 27001:2013, successfully demonstrating integration of each respective management system standard and the IMS program in totality.
STG’s proprietary quality framework, MOSaIC provides a holistic approach for managing strategic decisions and information security. It elevates STG’s overall security posture and builds cultural sensitivity to confidentiality, integrity, availability, and privacy of all information within its systems.