Corillian Corp. (NASDAQ: CORI), the top provider of online banking and anti-fraud solutions to leading financial institutions, today announced it has received certification under the new international security standard ISO:27001, which replaced the British Standard BS:7799 in October 2005.
Corillian had also received certification under the BS:7799 standard in mid-2005. ISO:27001 becomes the most widely recognized international framework and standard for developing and certifying a company’s security management system. Corillian is the first online banking company to receive the certification and is among a select group of only eight organizations in the U.S. to receive this international honor. This certification covers Corillian’s entire business operations.
The ISO:27001 standard, like its BS:7799 predecessor, focuses on the framework for information security management throughout an organization. The updated standard is international in scope, meaning certified organizations have developed and implemented a global framework for managing the security of their information and mitigating risk – whether for their own information or for customers and partners.
ISO:27001 identifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS (Information Security Management System) with regard to an organization's overarching business risks, and outlines specifications for the implementation of security controls. Updates from BS:7799 to ISO:27001 helped to provide clarity and ultimately strengthen the standard, and included changes in the following areas:
- Risk Assessment
- Contractual Obligations
- Management Decisions
- Measuring the Effectiveness of Selected Controls
"We are thrilled to be recognized for our commitment to security excellence and as the only online financial services company in the U.S. to meet the updated standard’s strict requirements," said Greg Hughes, chief security executive of Corillian. "The ISO:27001 certification underscores the value of our real-world experience and commitment to providing the strongest security practices and technologies to protect our customers and their end users against all forms of Internet and other security threats."
The replaced standard, BS:7799, defined a comprehensive set of security controls that represented best practices in designing, deploying and managing an information security program. The certification’s ten control areas, Business Continuity Planning, System Access Control, System Development Maintenance, Physical Environmental Security, Compliance, Personal Security, Security Organization, Computer & Operations Management, Asset Classification and Control and Security Policy, encompassed more than 120 individual controls. Corillian was awarded the BS:7799 certification in September 2005.
"By certifying Corillian against this new international standard, we are able to demonstrate to our customers and the industry that both our business processes and security programs are built on best practices," said Hughes. "We look forward to continually providing and developing the most robust, user-friendly security environments and technologies in the U.S. and worldwide."