The Fund’s Pension Administration has just obtained the ISO 27001 certification for IPAS, the Fund’s Enterprise Resource Planning (ERP) system, and the Digital Certificate of Entitlement (DCE) system, confirming compliance with industry best practices in cybersecurity. The ISO 27001 certification is valid for 3 years and will be subject to annual surveillance audits in 2022 and 2023.
“The added value provided by the ISO 27001 certification of the DCE is the independent confirmation provided by an external subject matter expert that the Fund implemented controls and systems are aligned with internationally recognized industry best practices in information security. The process is based on an independent audit which confirmed whether the Fund complied with state-of-the-art information security controls,” said Dino Dell’Accio, Chief Information Officer.
The Fund first received the ISO 27001 certification in 2016 for IPAS. That certification was kept valid for the first three years, and at the end of that period the Fund decided to expand the scope of the certification to include the Digital CE. This new certification is both a renewal of the previous one and an expansion due to the addition of the DCE.
"This certification provides additional assurance, not only to our participants, beneficiaries and retirees, but also, now, to users of the DCE app, that the Fund’s systems are secure to use", Mr. Dell'Accio added.
ISO 27001 is an international standard on how to manage information security. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure.