ISO 27001:2013
It is very important to all businesses that outsource operations and services to IT companies to obtain confirmation that the service provider operates a certified information security management system. Information security is becoming increasingly important for the valuable and sensitive infrastructure of businesses and public institutions. It is very important that service providers look for all means to minimise threats and risks that may affect the IT environment and use recognised and certified methods to achieve this. Origo has implemented an ISO 27001 certified information security management system and also employs around 30 specialists who have received an ITIL Foundation Certificate in IT Service Management. The Company places great importance on constantly deepening and enhancing employees' awareness and knowledge of information security. In addition to the Company itself holding security courses, tests and conferences, it also sends employees to more tailored courses, including courses on secure programming and ethical hacking. The Company conducts numerous tests each year on infrastructure security as part of regular contingency and emergency planning, as well as vulnerability tests on the infrastructure and systems that the Company owns, services and operates.
Origo places great emphasis on ensuring that its entire operating and service environment is secure and that its employees exhibit the highest level of knowledge, skills and professionalism when it comes to information security and services. The Company's goal is to be the first choice of customers when they choose a partner for the secure operation of information technology and services. Origo has been ISO 27001 certified since October 2004.
ITIL
The Company's information processing, procedures and service management are based on a strong ITIL foundation, built by Origo's talented team of ITIL specialists.
The ITIL methodology ensures a high level of customer service while also minimising the potential impact of any disruptions that may occur. Service Level Agreements (SLAs) have been structured on the basis of ITIL and all service procedures and service controls have been developed according to the ITIL methodology.
The Company aims to be at the forefront of Icelandic service providers who have implemented and adopted ITIL and ISO 27001, in order to be able to provide a secure operating environment and excellent service, both for its own infrastructure and for customers.
Risk assessment and risk management
Risk assessment is based on the most valuable assets that fall within the scope of certification. Once the most important assets have been defined, as well as the owners and persons responsible for those assets, the risks that affect the asset concerned are assessed. When threats, probabilities, frequencies and impacts have been assessed, risks are documented either as "Green", "Yellow" or "Red" and placed in the appropriate procedure category (risk non-existent/Green – risk that requires action/Yellow – risk that requires immediate action/Red). The final part of risk assessment involves reassessing risks that have been placed in an action category (yellow or red). The reassessment examines whether existing risks have been addressed and the actions that have been approved or rejected by the Security Committee, which has the role of reviewing and approving/closing or rejecting a solution or action.
The purpose of the risk assessment is to identify the risks that may exist in the environment, to understand their nature and to minimise the threats they pose through actions, transference or approval. Risk assessment and risk management deliver continuous improvement in both services and operations and ensure proper management, build trust in information security management systems, minimise risks in the environment, strengthen information security management systems and allow for appropriate responses, in addition to protecting the Company during times of growth or contraction.