In 2020, motivated to keep pace with global business development since the outbreak of the severe pandemic, Saigon Technology worked to perfect its company regulations on the principles and measures for protecting information sources, under which each individual’s data is always kept safe.
As a result, in November 2020, Saigon Technology proudly achieved ISO 27001 Certification – a certification of information security management system. At the same time, we have also conducted internal training and implemented many different methods of information management and security, in order to ensure that all employees comply with the prescribed procedures set out based on the regulations of ISO 27001.
A Brief Overview of ISO 27001
As a British standard information security management system, ISO 27001 was originally published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and later revised in 2013. This system is applied to assist businesses globally with managing information in the safest and most effective way.
ISO 27001 for Information Security contains unified practices and models for establishing, promoting, maintaining and improving systems. As we all know, in each enterprise the information in scope includes data stored in electronic form (files, folders …) as well as printed data (in paper form).
With the ISO 27001 application strategy, organizations will be able to classify different types of information, thereby identifying possible hazards and risks. The organization’s Information Security specialist will then be able to set up the system, define controls, and implement procedures to reduce those risks. ISO 27001 is suitable for organizations, companies and businesses of all sizes, and it is applied in all economic sectors.
What has Saigon Technology Done to Achieve ISO 27001 Certification?
Each certificate, award or title has its own set of standards and associated requirements. Businesses that wish to achieve them must follow these requirements strictly, not only for the short-term review but also with a commitment to maintain and improve continuously in the future.
Working towards ISO 27001 for Information Security, Saigon Technology took the following steps of internal self-inspection before being tested and verified by a third party:
- Step 1: Survey and plan
- Step 2: Select and determine the information security measures for risk management
- Step 3: Build a system to ensure information security for the business internally
- Step 4: Deploy and apply security measures and specific policies about Information Security
- Step 5: Internal assessment
The Process of Applying ISO 27001
The process of applying ISO 27001 is conducted by Saigon Technology as follows:
Define specific business goals
Businesses, especially at the management level, need to be able to answer the following two questions:
- What are your business priorities?
- Who are the stakeholders that need to be involved?
Survey the current state of the business
Based on the ISO 27001 for Information Security assessment standard document, enterprises set up their own subcommittees to assess the current state of Information Security management, so that they can offer solutions and adjust the way Information Security is managed according to the expectations of the management.
Risk assessment
Enterprises need to take this step to identify possible risks, in order to come up with the right risk assessment methods. Specifically:
- Risk assessment for assets identified as belonging to the company
- Minimize the risks that are not allowed to occur
- Establish policies and procedures to manage backlog risks
Plan to build an Information Security Management System (ISMS)
Planning is necessary before every campaign and project. In preparation for achieving ISO 27001, Saigon Technology designed timelines for specific actions. These specify which items must be carried out and by whom, along with a clear completion schedule, so that specific requirements can be issued quickly and the policies and regulations can be implemented for all employees in the enterprise.
Develop a specific set of documents
Develop a set of documents containing official, updated information on Information Security procedures and regulations. At the same time, issue these documents for the departments/divisions and each employee to apply in accordance with the direction.
The document will act as a guideline to help employees and departments to follow the right path of information security. And even if a new employee enters the company, he/she will have enough information to follow up correctly.
Deploy application
After the necessary preparation steps and the accompanying guidance documents are complete, the tightened information management and control is applied widely to all employees in the company. Invited guests, candidates coming to the office for interviews, cleaning staff, security guards, etc. also need to strictly follow these regulations so that the campaign is as effective as possible.
Internal control
After the regulations on Information Security have been applied, the company's Information Security Control subcommittees will give detailed instructions, conduct reviews, and remind employees to make changes or adjustments to comply with the regulations set forth by the company.
In addition, certain tests or information reinforcement materials are also considered necessary to ensure that all members of the company understand the regulations and strictly follow them.
Get reviewed by an Expert Unit
Having completed the inspection and evaluation by internal subcommittees in advance, the business will now be evaluated by a third party specializing in quality assurance, with expertise in consulting and providing domestic and international certifications.
Conduct regular reviews
ISO 27001 is inspected every 3 years, to ensure the integrity of the organization. In particular, after receiving the certification, the organization will maintain its operation in accordance with Information Security regulations and conduct periodic evaluations every year, for 2 consecutive years. Then, after 2 years of evaluation, the organization will be assessed in more detail and achieve the 3rd year certification.
Specific achieved results
Saigon Technology was pleased to acquire the ISO 27001 certificate from BSI at the end of 2020. We had been promoting awareness of ISO 27001 and implementing information security standards for all staff, and for the majority of ongoing projects, in advance. This proves that Saigon Technology is able to:
- Protect information from unauthorized intrusions, breaches, and theft
- Grant the right to amend the information to designated individuals
- Assess risks and improvise to mitigate those risks for existing information resources
- Be independently assessed to international standards based on industry best practices
Specifically, for two large-scale international strategic projects, TooGood and Topicus, ISO 27001 is thoroughly applied to bring about standardization in information security processes. This helps to:
- Bring the way the business operates in line with the requirements of international clients
- Increase the reliability and security of information systems
- Increase the trust of customers and business partners
- Increase business resilience
- Improve management processes
- Complete the company’s risk response and troubleshooting strategies
Overview of our current services & certification
Currently, Saigon Technology has a total of 8 Services, including:
- Offshore Software Development
- Custom Software Development
- Software Development Outsourcing
- Software Product Development
- Web Application Development
- Cloud Migration
- Mobile App Development
- Offshore Software Testing
As for outstanding achievements: besides becoming an ISO 27001 Software Development Company and delivering a series of high-quality products that satisfy international customers, Saigon Technology also achieved a high position in the Top 50 best software companies in Vietnam – the second award in 2019 that Saigon Technology received from the Vietnam Software Association, after the Sao Khue Award.
In addition, Saigon Technology also received the Top IT Development Outsourcing – Sao Khue Award in 2020. This is the result of our commitment to providing excellent Information Technology services in web and mobile technology. The Sao Khue Awards ceremony has become a ceremony that innovators in Vietnam want to participate in. This ceremony provides a great platform for them to showcase their products and services. Also, VINASA is an organization in Vietnam that is still committed to organizing this Sao Khue award ceremony. It really helped drive innovation in Vietnam.
As one of the leading software outsourcing companies awarded the Sao Khue Award, Saigon Technology has the drive to grow faster and more sustainably to serve the world’s growing startups and businesses.
Our vision for 2021 & the next 5 years
Saigon Technology was honored to obtain ISO 27001 Certification – a certification of information security management system, in 2020. “Our goal in the next 5 years is to develop into an international software development specialist company with 100% Vietnamese capital, using Vietnamese talented resources to conquer and contribute to bringing about typical value for information technology around the world” – CEO of Saigon Technology, Mr. Thanh (Bruce) Pham said.
Yes, indeed. In 2021, Saigon Technology will accelerate the process of consolidating the organizational structure and mastering the processes and regulations to systematize the work items of employees. At the same time, we will keep training and constantly encouraging employees to improve their skills through specific programs and courses. Particularly for talented and dedicated individuals, Saigon Technology will always strive to recognize talents and promote further personal development, in order to bring the best conditions to all company personnel.
With 9 professional services and a team of 300+ talented employees across Vietnam, Saigon Technology – ISO 27001 software development outsourcing company – is the right destination when you need to choose a proper provider. No matter what country you are in, who the end-users are, or how big the program is, don’t hesitate to contact us and leave us your message. Complimentary quotes and consultations are awaiting!