Securing the Future with ISO 27001 Certification in the Philippines
Data security is now a boardroom concern. From health-tech start-ups in Cebu to SMEs and BPOs headquartered in Manila, the spectre of data breaches and cyber-attacks looms large. The Department of Information and Communications Technology (DICT) identified 17,000 hacking attempts that the Overseas Workers Welfare Administration received between December 2023 and February 2024.
With these higher risks, Filipino institutions, like those in other countries, are interested in adopting international standards such as ISO 27001 to help secure sensitive business information and, at the same time, build customer confidence.
What is ISO 27001 certification?
ISO 27001 is the international standard that provides a framework for Information Security Management Systems (ISMS) to ensure that the confidentiality, integrity, and availability of sensitive company information are kept safe and secure.
In the Philippines, where stringent data privacy regulations such as the Data Privacy Act of 2012 are enforced, becoming ISO 27001 certified can be a smart business decision.
ISO 27001:2022 Transition Requirements in the Philippines
With the release of the ISO 27001:2022 version, several updates have been introduced, and Filipino organizations certified under the older ISO 27001:2013 version now have to transition to the latest standard. The key revisions are:
- Comparing the 2013 and 2022 versions, especially Annex A’s shift from 114 to 93 controls.
- Implementing internal audits and management reviews aligned with the 2022 structure.
- Integrating new threat-based controls like threat intelligence, cloud service usage, and secure software development.
- Choosing a transition audit mode: a special audit, a package with recertification, or surveillance audits.
How to get ISO 27001 Certification in the Philippines?
Getting ISO 27001 certification in the Philippines involves a series of structured steps:
- Conduct a gap analysis to compare current practices against ISO 27001 requirements.
- Build and implement the ISMS by writing policies, managing risk, and implementing controls.
- Train employees on the ISMS framework and ensure they understand its concepts.
- Perform internal audits and a management review of the updated system before an external audit.
- Stage 1 & 2 external audits for reviewing documentation and actual implementation.
- Certification decision and ongoing surveillance, via annual checks and continued compliance.
Top Relevant Philippine Laws and Standards that ISO 27001 Compliance covers
Local laws like the Data Privacy Act (DPA) of 2012 (RA 10173) require organisations to have reasonable and appropriate technical, physical, and organisational security measures, which is also a feature of ISO 27001 certification.
NPC Circular 2023-06 defines the basic security requirements for personal information controllers (PICs) and personal information processors (PIPs) and maps closely to Annex A controls such as A.9 (Access Control), A.17 (BCM), and A.18 (Compliance).
Why choose Global Quality Services as your certification partner?
Whether you are a startup aiming for your first certification or a well-established BPO expanding its scope, Global Quality Services, with decades of experience in ISO consulting across Asia, offers end-to-end assistance in complying with the ISO 27001:2022 requirements in the Philippines.
For a simplified process with customized solutions and expert-led audits, choose GQS as your certification partner and secure your organization’s future now.
