“Choosing SGS to perform our ISO/IEC 27001 audit was an important decision in our robust digital transformation strategy to further enhance information security, resiliency, and business continuity,” said Mike Petosa, vice president of IT at the American National Standards Institute (ANSI).

With ransomware attacks rising more than 50% in 2021 and signs of even greater cyber risk on the horizon, effective, enterprise-wide cybersecurity must be a priority for every organization.

Demonstrating its strong commitment to information security management and cyber risk prevention, ANSI has been successfully certified to ISO/IEC 27001 (Information Security Management Systems, ISMS) after naming SGS to perform the audit.

“ANSI could have chosen anyone, and we worked determinedly to exceed their expectations, highlighting our innovative people and services,” said Jeffrey McDonald, executive vice president of knowledge solutions at SGS. “We thank ANSI for placing their faith in us, and we were delighted to perform the audit before presenting their certificate.” 

In a survey conducted to evaluate SGS’s customer service, ANSI respondents reported they were “very satisfied” across the board — from response time, professionalism, and communication to organization, punctuality, and technical knowledge.

“Certification to ISO/IEC 27001 was an intensive process for a reason — because it’s the gold standard in information security protection,” said S. Joe Bhatia, ANSI president and CEO. “ANSI’s members, partners and customers can be assured that our commitment to information security is true and tested. With this certification in place, ANSI is working to future-proof our business against ever-increasing security threats while increasing our ability to grow and prosper in the rapidly changing business environment.”

“We are recognized as the global benchmark for quality and integrity, and this work highlights our professional approach, high standards and global information security credentials,” McDonald said.

Why ISO/IEC 27001 certification?

ISO/IEC 27001 certification highlights the integrity of an organization’s data and systems, and its commitment to information security. 

The standard specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS for safety and security. It also includes requirements for assessing and treating information security risks, tailored to the organization.

ISO/IEC 27001 certification enhances credibility; reduces risk of fraud, information loss, and disclosure; demonstrates system integrity; transforms business culture; creates new business opportunities with security-conscious customers; and instills a stronger notion of confidentiality throughout the workplace.