By now, Semantic Web Company’s (SWC) Information Security Management Systems have been certified according to the standard ISO 27001:2013 for the third year in a row. At the core of this certification is an annual check where all critical factors of the certifications are re-assessed by CIS – Certification & Information Security Services GmbH. This ensures continuous certified security at a high level for all our products and services.
At SWC, we believe that the security of all of our information assets is of extreme relevance both for the company – as a leading provider of graph-based knowledge technologies – as well as for our customer base of Global 2000 companies.
A Systematic Approach for Information Security Management
Maintaining an effective Information Security Management System (ISMS) is essential to increase trust from our customers towards SWC’s products and services. Our ISMS includes the people, processes, and IT systems of our organization as well as the activities associated with the following products and services:
- PoolParty Semantic Technology Suite
- PoolParty Cloud Service, Professional Services
- PoolParty Training & Transfer
- Taxonomy Management & Knowledge Engineering
- PoolParty Development
- Linked Data Strategy
Security-Oriented Corporate Culture
Our corporate culture supports information security and is part of our DNA, which is the reason why we have always complied with the security requirements of our customers.
Employees’ awareness of the impact that continuous certified security has on business performance is fundamental, so SWC employees must comply with all policies of the company so that there are no windows for risks. Our information security team creates standardized requirements for the security process and ensures sufficient awareness and education of all employees.
Security Council
All organizational units at SWC have a representative assigned in the Security Council, in which the essential guidelines and work is coordinated. In particular, an overall safety concept has been developed in a security forum and is submitted to management for approval.
Through appropriate technical, organizational, and infrastructural measures, access to sensitive systems, security zones and critical infrastructures as well as access to critical information and applications are controlled and only authorized for certain approved persons.
Access authorizations are only granted and withdrawn as required after formalized application procedures. Employees of SWC have received special security rules for the respective workplace, which in particular include a reporting obligation for security incidents. Additionally, security training, where attendance is mandatory, are managed for all employees.
SWC management is actively supporting these security organization processes.
Maintaining the ISO Certificate
SWC follows the ISO 27001:2013 standard and has implemented the management elements of this standard. These include the performance of regular internal audits, appropriate control of documentation and records, management evaluation, and the application of the continuous improvement model (PDCA).
The ISO 27001:2013 certified ISMS helps PoolParty Semantic Suite to stay the most complete and secure semantic middleware on the global market.