In France, nearly 90% of companies are affected by cyber-attacks, sometimes without knowing it for some time. When the attack does come to light, the average cost is €1.3M in damage and 15 days of service interruption. A framework that lets people operate with confidence is therefore essential: there must be rules, and therefore standards.
Standard: definition
The word "norm" comes from the Latin norma, a carpenter's square or ruler. A standard is used to define, explicitly or implicitly, what is normal (what fits the norm) and what is abnormal (what falls outside it).
Standards are the product of knowledge accumulated over time to determine an agreed way of doing something.
In the legal sense, the term "norm" refers to mandatory rules established by public authorities, which can be found in legislation, the Constitution, decrees, ordinances, etc.
Within companies, standards cover a wide range of activities for the benefit of customers and employees.
What is the purpose of standards?
Standards serve several functions and objectives. They make it possible to:
- facilitate trade
- base a country's legislation on international standards
- provide a common framework that promotes interoperability between countries sharing the same standards (for example, toy safety standards that protect children)
- control quality to reduce product and service failures
- facilitate accessibility for people with disabilities
- manage energy consumption to reduce costs
- reduce workplace accidents (for standards relating to health and safety)
- strengthen the protection of customers, users and employees
It is this last point that we will focus on in this article, and more specifically the ISO standards relating to the security of sensitive information.
ISO/IEC 27001:2013 & its extension ISO/IEC 27701:2019
Of the dozens of standards in the ISO/IEC 27000 family, ISO/IEC 27001:2013 is certainly the best known. It specifies the requirements for an information security management system (ISMS) that addresses the risks to the organisation, its customers and partners, its employees, its commercial relationships, and so on.
The standard translates into a set of processes that cover a wide range of potential vulnerabilities in order to ensure a high level of security:
- risk analysis and the controls that mitigate the identified risks
- asset management
- access control
- supplier management (whether the suppliers are French or not)
- compliance of partner companies, to ensure security across the whole chain of business relationships
👀 We recommend the checklist in this article: Checklist: ISO/IEC 27001:2013 for dummies
The last points relate more to the ISO/IEC 27701:2019 extension, which deals with privacy protection. This is far from a minor point: the extension requires establishing, maintaining and continually improving a Privacy Information Management System (PIMS).
At Hyperlex (yes, we hold the certification and its extension), we must therefore vet all partners and subcontractors to ensure that everyone's information is encrypted, secured, and can be deleted on request at any time, in order to minimise the risk of personal data theft.
Would you like to know more?
Watch our dedicated webinar: How to secure corporate legal data in the cloud?
Recommended read:
- 7 good practices to control contractual risks
- How to bring your legal documents into the digital age?
- Interview: Alexandre Grux (Hyperlex) and Benjamin Moutte (Rakuten)
- Security: why protect your contractual data?
- What is compliance?
- How can you protect your contract data in the cloud? An explainer.