ISO/IEC 27001:2013 Information Security Management Standards
ISO/IEC 27001 overview
The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world's largest developer of voluntary international standards. The International Electrotechnical Commission (IEC) is the world's leading organization for the preparation and publication of international standards for electrical, electronic, and related technologies.
Published under the joint ISO/IEC subcommittee, the ISO/IEC 27000 family of standards outlines hundreds of controls and control mechanisms to help organizations of all types and sizes keep information assets secure. These global standards provide a framework for policies and procedures that include all legal, physical, and technical controls involved in an organization's information risk management processes.
ISO/IEC 27001 is a security standard that formally specifies an Information Security Management System (ISMS) that is intended to bring information security under explicit management control. As a formal specification, it mandates requirements that define how to implement, monitor, maintain, and continually improve the ISMS. It also prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures. Certification to ISO/IEC 27001 helps organizations comply with numerous regulatory and legal requirements that relate to the security of information.
zestHUB and ISO/IEC 27001
The international acceptance and applicability of ISO/IEC 27001 is the key reason why certification to this standard is at the forefront of zestHUB's approach to implementing and managing information security. zestHUB's achievement of ISO/IEC 27001 certification underlines its commitment to making good on customer promises from both a business and a security compliance standpoint. Currently, @Work, WMS, OMS, TMS, and SOMS are audited once a year for ISO/IEC 27001 compliance by a third-party accredited certification body, providing independent validation that security controls are in place and operating effectively.
zestHUB in-scope cloud platforms & services
- @Work
- WMS
- OMS
- TMS
- SOMS
- zestHUB Room security
@Work and ISO 27001
@Work environments
zestHUB @Work is a multi-tenant hyperscale cloud platform and an integrated experience of apps and services available to customers in several regions worldwide. Most @Work services enable customers to specify the region where their customer data is located. zestHUB may replicate customer data to other regions within the same geographic area (for example, Singapore) for data resiliency, but zestHUB will not replicate customer data outside the chosen geographic area.
This section covers the following @Work environments:
- @Work Mobile: commercial client software running on customer devices.
- @Work Desktop: commercial client software running on customer devices.
- @Work Web: the commercial public @Work cloud service available globally.
Use this section to help meet your compliance obligations across regulated industries and global markets. To find out which services are available in which regions.
Your organization is wholly responsible for ensuring compliance with all applicable laws and regulations. Information provided in this section does not constitute legal advice and you should consult legal advisors for any questions regarding regulatory compliance for your organization.
@Work applicability and in-scope services
Use the following table to determine applicability for your zestHUB @Work services and subscription. Each row lists one @Work environment (applicability) and the services that are in scope for it:

Applicability: @Work Mobile
In-scope services:
- Login
- Logout
- Check-in/check-out attendance by biometric
- Check-in/check-out attendance by QR scan
- Break-start/break-end attendance
- Management task
- Management leave
- Management overtime
- Management pay slip
- Request open profile
- Update profile user
- Update security password
- Setting scheduling notification
- Request attendance
- Message notification
- Message announcement
- Delegation and temporary lead

Applicability: @Work Desktop
In-scope services:
- Login
- Lock screen when users have not yet checked in on mobile
- Capture monitoring
- Request send location surveillance to @Work mobile apps

Applicability: @Work Web
In-scope services:
- Login
- Logout
- Dashboard attendance
- Management task
- Management leave
- Management overtime
- Management payroll
- Update profile user
- Update security password
- Setting scheduling notification
- Request attendance
- Delegation and temporary lead
- Monitoring employee surveillance
- Report attendance
- Report task activity
- Report overtime
- Leave quota
- Export report
- Surveillance bank apps
- Bank apps history
- Calendar
- Approval attendance
- Approval open profile
- Approval update profile
- Mass approval
- Master employee
- Master shift
- Master company
- Master office location
- Master work group
- Master org. structure
- Master device
- Setting general
- Register device
- Role menu
Frequently asked questions
Why is zestHUB compliance with ISO/IEC 27001 important?
Compliance with these standards, confirmed by an accredited auditor, demonstrates that zestHUB uses internationally recognized processes and best practices to manage the infrastructure and organization that support and deliver its services. The certificate validates that zestHUB has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.
Are annual tests run for @Work infrastructure failures?
Yes. The annual ISO/IEC 27001 certification process for the zestHUB Cloud Infrastructure and Operations group includes an audit for operational resiliency.
Where do I start my organization's own ISO/IEC 27001 compliance effort?
Adopting ISO/IEC 27001 is a strategic commitment.
Can I use the ISO/IEC 27001 compliance of @Work services in my organization's certification?
Yes. If your business requires ISO/IEC 27001 certification for implementations deployed on zestHUB services, you can use the applicable certification in your compliance assessment. You are responsible, however, for engaging an assessor to evaluate the controls and processes within your own organization and your implementation for ISO/IEC 27001 compliance.