OMIP decided to define and implement internal procedures within an Information Security Management System (ISMS). OMIP’s ISMS is based on the standard ISO/IEC 27001, since it is one of the best-known standards providing requirements for an information security management system.
The ISMS implementation includes all people, processes and systems of OMIP and it is designed to create and maintain a set of management tools that allow OMIP to operate its markets and services according to the industry best practices and regulations. It also promotes confidence in the users of OMIP services and reduces the probability of incidents and potential damage caused by them. These features are in line with the organization's business objectives.
The information security system applies to:
- All information which results from the normal business and services provided by OMIP;
- All organizational units of OMIP in accordance with the organizational structure of the company;
- All the organization's business locations (headquarter office, main datacenter, secondary datacenter and secondary office);
- All assets identified in the Inventory of Assets.
With the implementation of the ISMS, OMIP is equipped with a wide range of internal procedures that allows the efficient management of risks related with information security, namely on the following major areas:
- Risk Assissment
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
In order to establish the concepts and guidelines of OMIP’s ISMS, an Information Security Policy was defined and formally approved by the Board of Directors. This policy applies to all OMIP’s employees, interns, service providers and other partners, as well as all assets and information systems, operational, inactive or in development, whether lodged in OMIP’s equipments and facilities or from outsourcing suppliers.