TPL Inc. is extremely proud to announce that we have achieved ISO 9001:2008 and ISO 27001:2013 certifications from DQS Holding GmbH.
By becoming ISO 9001 certified, we demonstrated that we are truly invested in understanding our clients' needs and working with them to deliver high quality solutions, whilst continuously reviewing and improving the way we work. ISO 9001 evaluated whether our Quality Management System is appropriate and effective, while forcing us to identify and implement improvements. Continuous improvement assures that our customers benefit by receiving products/services that meet their requirements, and that we deliver consistent performance.
By acquiring ISO 27001 certification, we proved our ability to protect critical and sensitive information, provide a systematic, risk-based approach to information security and compliance, and comprehensively comply with the global ISMS security standard. ISO 27001 certification covers human resources security, asset management, physical and environmental security, incident management, access control, information security organization, network security, operating system, application control and regulatory compliance.
The ISMS ISO 27001 certification is important both for TPL's internal information security and controls and for illustrating to customers that TPL holds itself to an elite standard under which all contract performance will be accomplished. The certification covers all the TPL procedures and has been integrated into TPL's existing Quality Management System, which was already ISO 9001 externally certified.
What is ISO 9001?
ISO 9001 is one of the standards within the range of ISO 9000 standards. The ISO 9001:2008 standard replaced the previous ISO 9001:2000, and its objective is to provide quality management systems that will be of real benefit to your organisation, to help manage your business effectively and put in place best practice methodology.
The standard covers all aspects of an organisation's activities, including identifying its key processes, defining roles and responsibilities, policies and objectives, documentation requirements, the importance of understanding and meeting customer requirements, communication, resource requirements, training, product and process planning, design processes, purchasing, production and service, monitoring and measurement of products and processes, customer satisfaction, internal audit, management review, and improvement processes.
What is ISO 27001?
ISO 27001 is an international standard published by the International Standardization Organization (ISO), and it describes how to manage information security in a company. The latest revision of this standard was published in 2013, and its full title is now ISO/IEC 27001:2013.
ISO 27001 can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large. It was written by the world’s best experts in the field of information security and provides a methodology for the implementation of information security management in an organization. It also enables companies to become certified, which means that an independent certification body has confirmed that an organization has implemented information security compliant with ISO 27001.
How does ISO 27001 work?
The focus of ISO 27001 is to protect the confidentiality, integrity and availability of the information in a company. This is done by finding out what potential problems could happen to the information (i.e., risk assessment), and then defining what needs to be done to prevent such problems from happening (i.e., risk mitigation or risk treatment). Therefore, the main philosophy of ISO 27001 is based on managing risks: find out where the risks are, and then systematically treat them.
The safeguards (or controls) that are to be implemented are usually in the form of policies, procedures and technical implementation (e.g., software and equipment). However, in most cases companies already have all the hardware and software in place, but they are using them in an insecure way – therefore, the majority of the ISO 27001 implementation will be about setting the organizational rules (i.e., writing documents) that are needed in order to prevent security breaches. Since such implementation will require multiple policies, procedures, people, assets, etc. to be managed, ISO 27001 has described how to fit all these elements together in the information security management system (ISMS). So, managing information security is not only about IT security (i.e., firewalls, anti-virus, etc.) – it is also about managing processes, legal protection, managing human resources, physical protection, etc.
DQS Holding GmbH, based in Frankfurt am Main, is the holding company of the worldwide DQS-UL Group. The group provides assessments and certifications of management systems and processes of any type.