Critical infrastructure is often referred to as being the backbone of society and the economy—the economy needs reliable infrastructure to connect people, businesses, cities, supply chains, and keep industry moving. Without effective infrastructure, communities would be cut off.
But connectivity is far from solely physical: the networked activity that underpins infrastructure continues to grow at a rapid pace. As the Government’s Digital Britain report remarks, “The Digital World is a reality in all of our lives”. The reality is that our dependency on cyberspace not only opens up huge opportunities, but also presents risks far beyond just surfing the web, shopping or social networking online.
As the world was forced to work from home in 2020, the pandemic turbo-powered widespread adoption of cloud-based communication and collaboration technology. This included creating blocks of cyberspace that represent our physical world, and as such are fundamental to our national infrastructure’s resilience. As civil infrastructure moves more online, digital and physical systems are converging, which makes securing them more complex. When any cyberattack aimed at civil infrastructure has the ability to put entire countries and communities at risk, protecting the systems that underpin our infrastructure projects is vital.
A recent report by IBM Ponemon found that 74% of organisations are not prepared for cyber attacks and do not have a response plan in place to protect them. A cyber attack on an infrastructure project, no matter the lifecycle stage, could have devastating effects, from exposing proposals or option selections to compromising the build strategy or leaving an asset vulnerable to attack, endangering workers as well as the public.
At Sensat, we believe that cyber security must be central to any project so that the data powering and informing it is protected from crime as extreme as terrorism, but also from other forms of criminality such as theft, ransomware, and attacks by those known as ‘hacktivists’. For your project, data breaches not only impact business and revenue, but can also inflict significant reputational damage. This is why at Sensat, we have a robust information security management system (ISMS) that protects our customers from risks such as these.
Today we celebrate Sensat’s recent certification for ISO 27001 and explore how you can keep your data safe.
What is ISO 27001?
Of the data security accreditations, ISO 27001 is among the most widely recognized security standards in the world. ISO 27001 is the international standard and framework for information security which sets out the specification for an information security management system (ISMS). An ISMS is a set of policies, procedures, processes and systems that manage information risks, such as cyber attacks, hacks, data leaks or theft. This framework covers everything from the way we store client data to best practices for risk assessment and mitigation, and serves as an indication that our ISMS at Sensat is aligned with information security best practices.
Gaining accreditation is not a one-time pass: to be effective over time, an ISMS must be regularly updated to review risks and internal processes as well as to avoid data breaches. ISO accreditation means that companies have to be regularly audited to ensure that they continue to comply with standards. Our next external audit will be in October 2022.
What does having ISO 27001 mean for Sensat?
Our certification means that Sensat handles data (both our clients’ and our own) in accordance with international best practices in information security. This certification gives us international credibility, showing that we have identified the risks, assessed the implications and put in place systemised controls to limit any damage to our business, our platform services and our customers' data.
The benefits include:
- Alignment with customer requirements
- Increased reliability and security of systems and information
- Increased resilience
- Improved foundation for our management processes as we continue to scale
- Improved confidence for future partnerships
What does Sensat’s ISO certification mean for our clients?
In short, ISO 27001 is a simple way of communicating our commitment to information security best practices to our customers, current and potential. If you are an existing client you won’t see any changes to Sensat’s platform or the way we do business. However, it does mean that anyone using Sensat can be confident that we:
- Store and access all data securely
- Have a robust business continuity plan
- Assess and mitigate all information security risks on a regular basis
- Generally handle all information according to best practices
Sensat’s information security management system (ISMS)
Our ISO 27001 certification means that when you choose our platform to host and visualise your data, it is safe in our hands. However, the ISO 27001 certification is just one of the many things Sensat upholds to ensure that your civil infrastructure information is safe and secure from cyber risks.
Certified to UK Government-backed scheme standards
Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. Sensat is verified to UK Government-backed scheme standards, which means we use:
- Encrypted transfer protocol (HTTPS)
- Data segregation
- Automated dependency vulnerability checks
- Session hijacking/man-in-the-middle attack prevention
- Regular penetration testing with an ‘IT Health Check’
- Strong internal data access policies to keep your information in our platform secure from data risk
User information permissions
At Sensat we are focused on getting data into the right hands, but that also means ensuring that it doesn't fall into the wrong hands. We understand that project owners may not want to issue the same information rights to everyone involved in their project. Using Sensat, project owners are able to navigate three levels of permissions to ensure that all site data is shared in the right way:
- Admins: have full rights and as such can upload files, invite new team members and perform all other actions within the platform.
- Editors: cannot invite new team members, but can perform all other actions within the platform.
- Contributors: cannot upload, access or download any files and cannot invite new team members, but can perform all other actions within the platform.
How can you keep your infrastructure data safe?
Defend the whole supply chain from cyber threat
With often several different stakeholders within projects, there is not only a need for internal cyber security standards to be upheld, but you must also ensure that anyone you decide to work with holds security standards similar to yours. This can be a difficult and lengthy assessment, which is why looking for data security accreditations, such as ISO 27001, can be a painless solution to the problem.
A Common Visualisation Environment® (CVE)
Having a single repository for data and information about any given project, such as a CVE, not only optimises business processes and provides a visual golden thread for planning and coordinating a project; by streamlining systems and processes into a single repository, you are also able to more easily secure and protect all associated information. Utilising a single platform also enables communication between previously disconnected functions or organisations, resulting in higher productivity and efficiencies, and presents an opportunity for greater governance over that information.
As critical infrastructure becomes more complex and more reliant on networks of connected devices, and as the need to organise and secure high volumes of data continues, companies should turn to one secure platform and build privacy into their data operating models by default, or partner with a company that can protect them from data breaches.
If you have any questions regarding security and our platform and how we can help you visualise your project information, please feel free to get in touch with our team at email@example.com. Alternatively, you can watch our on-demand webinar on data security.