How to take on risks and threats in the digital era

The Spanish Certification and Standardization Association AENOR and GMV have recently taken part in a conference to debate the new ICT risks, threats and challenges now facing organizations in the digital era, especially in the pandemic we are all now living through. Special stress was laid on the importance of bringing in and certifying new ISOs to lever the necessary levels of security, trustworthiness and resilience for tackling the challenges thrown down by current and future crises, thus ensuring a solid digital transformation in line with business goals.

Boris Delgado, AENOR’s Certification Manager, presented the ICT Confidence Platform (Plataforma de Confianza TIC) as a solution to the ICT risks of today and tomorrow. This platform forms part of AENOR’s Digital Ecosystem, in particular the ICT management and governance model. Its aim is to provide security and confidence ahead of the current and future crises, taking in too the “new normal” with all due guarantees of resilience, continuity and cybersecurity in ICT services and systems.

In Boris’s own words: "These solutions draw on international standards like Information Security ISO 27001, IT Services 20000 , the newcomer on privacy management 27701 and the continuity standard. The aim is to help organizations cope with the current pandemic, ensuring they can meet their business goals and find out how to fend off new risks, in other words to be sure they’re ready not only for today but also tomorrow".

Mariano J. Benito, CISO of GMV ‘s Secure e-Solutions sector, brought GMV’s expertise to the table as a trailblazing firm in the implementation and certification of ISO standards like the new privacy information management standard 27701 . GMV’s own response to the coronavirus pandemic was swift, smooth and fleet-footed. Benito explained "GMV had already evaluated similar teleworking and crisis scenarios so we only had to activate certain tasks that we already had fully planned and prepared. We had anticipated what we might need and identified and solved any security snags that might crop up". The preventive, sustained and thoroughgoing application of security management systems based on international standards enabled us to take on this situation with complete security and confidence.

One of the latest ISO security standards to be published is ISO27701 on privacy information management systems. GMV was the first to obtain and set up this certification under the aegis of AENOR. For GMV ISO27701 meant that GMV was able to implement a company-wide privacy management system based on management systems that were already in place. In the CISO’s own words: "Under the overarching need of ensuring compliance with privacy laws, we could now work with a standard describing how to combine this with our existing management systems". On this last point Mariano Benito highlighted AENOR’s role as auditor: "this has turned out to be fundamental as an independent, solid and professional criterion to ensure our privacy management systems were ISO27701 compliant".

Mariano Benito sees the value of certifications as a chance to ensure that "any business not only abides by the law but can also continually improve the organization and boost its value".