Origin Fractal LXP, a flagship product from Origin Learning, has been conferred with a hallmark certification, the ISO 27001:2013. The Information Security Management System endorsement is in recognition of the company’s consistent efforts towards data security and compliance. 

Through this blog, we would like to take you on our ISMS journey, what it means to the organization, for our customers, employees, and the road ahead.

Let us start from the top. 

What is ISO 27001 and ISMS?

The ISO benchmark in the Information Security Management System is related to data security. Protection of data against all risks, threats, and vulnerabilities. This milestone accreditation adds a new dimension to data security and confidentiality, and the organization will strive to uphold the CIA triad of information security, i.e.., Confidentiality, Integrity and Availability.

Why is data security generating a lot of buzz?

Our cyber presence has increased manifold in the last 20 years. We generate and work with e-data constantly. Data has been a defining force in this era of internet, automation, and intelligence. Further, the implications of data breach are catastrophic – financial meltdown, business cessation, loss of reputation and integrity to name a few. It is unfortunate that we are seeing an increasing number of headlines about how organizations have been severely compromised regarding data security.

Origin Learning is a technology and services company with an impressive list of Fortune 500 enterprises as clients. Our clients’ data with us is of paramount importance, and the ISO adds a new layer of security to protect such data.  

The need for data security at Origin Learning

Although the certification is not obligatory for organizations, Origin Learning assessed it as a critical necessity, especially with the quantum of data available at large. Further, being a beacon for best practices, the ISO 27001 certification cements our efforts towards data protection and compliance. We are proud of the culture of security that we have been able to thus establish within our organization and for all stakeholders.

Additionally, while we have always helped our clients to overcome threats, risks and vulnerabilities, our client interactions frequently brought up conversations about SOPs, and a more structured and well-defined process towards data security. Undoubtedly, clients always look for innovation in our engineering, design and development, and now data security too takes precedence. To address this evolving need from our clients, we sought out on the mission. ISO is an internationally acclaimed standardization benchmark, and achieving this asserts Origin Learning with a significant and strategic advantage over the rest of the pack.

Our ISO certification journey – steps, challenges, and solutions

When we commenced our journey into ISO, the world was oblivious of a looming global pandemic. Data security was looked at from a very different angle. A few months into the process and the landscape changed drastically. Remote work locations or hybrid work models called for a greater emphasis on data protection. The protocols that were set in motion had to be revamped to cater to this immediate requirement that would eventually define businesses as we know today. The ISMS implementation became a launch pad for establishing Work From Home solutions.

• A thorough gap analysis was our first ever step in early 2020. Take stock of the current organizational environment and compare the existing systems and procedures against the protocols defined by the ISO.
• A detailed risk assessment of critical assets followed. 
• It was a massive collaboration effort between all major departments – Information Technology, Quality Assurance, Finance, Human Resources, and Product Engineering Teams to name a few. With resources coming together, all stakeholders were educated properly about information safety and security, and the potential risks posed to our critical assets, if any. 
• An action plan was drawn to mitigate any risks to our assets. The ISO defined a total of over 100 “controls”. Apart from prioritizing these critical controls, we evaluated all others as well.  
• At this time, when COVID had enveloped the world over, we had to pause, review and make changes to our processes to ensure basics were plugged, and raise our level. 
• Controls were then implemented to all our assets by all departments involved. This basically implies that procedures and systems will define each activity, which would help mitigate any risk posed to our asset.
• Physical security parameters had to be completely revamped to address the current situation where employees were working from remote locations, and were not visiting the office premises.
• By November 2020, the complete documentation, and defining safety measures and processes had been completed. This was then rolled out as an ISMS system for employees. It also served as an announcement of sorts, that Origin Learning was ready, and working towards the ISO accreditation. A security awareness course was also rolled out – a basic do’s and don’ts model educating the audience. 
• Evidence gathered from this live environment helped us with the Stage 1 audit in the month of April 2021. Cross-functional audits were put in place to train the internal teams. 
• With the governing body clearing us of all documentation, it was time to look ahead for Stage 2 audit.
  Internally, we decided to address some of the issues that were raised, and measures to plug the same were embarked upon. 
• The Stage 2 audit was conducted in the month of June 2021. Origin Learning cleared this with flying colors as there were absolutely no nonconformities discovered by the audit panel. We were then officially an ISO 27001:2013 certified organization.

It has been a long and process-oriented journey. For any organization, compliance is not easy and involves tedious work. However, it was a conscious smart choice that would certainly give us the edge for all future projects. The certification gave us great insights into streamlining internal processes further, labelling our trail of information. We now have SOPs in place for dealing with data – access controls, visibility of design codes and much more. In the larger canvas of the organization’s business goals and objectives, this hallmark certification captures the spotlight.

Looking ahead

Origin Learning looks at the ISO accreditation as a vital step on our journey towards the highest standards in data security. Compliance and sustaining the defined processes will be the focus. As business landscapes continue to evolve, and cloud data centers garner attention, our own business strategies will change. In our mission to constantly improve standards to drive more clients, we will be adding more such feathers to our repertoire. Soon, we will be pursuing the SOC2 certification. While the ISO has international acclaim, the SOC2 is prominent, specifically in the US market.

Origin Learning Inc. will consistently strive towards the application of defensive technology against all global risks, threats, and vulnerabilities to customer data. The ISO 27001 industry accreditation reiterates a central framework for our clients that offers organization-wide protection to all forms of their information and intellectual property. In effect, Origin Learning and Fractal LXP has simplified data security and its criticality. 

Here is our press release, announcing the ISO 27001:2013 data security accreditation. 

Here’s  the full video with Mr.Shanmugam K., Chief Information Security Officer & VP, Technology at Origin Learning, about data security, ISO 27001:2013, and what it means to all stakeholders.

To know more, write to lxp@originlearning.com