SGS presents the ISO/IEC 27001 certificate to Hip Hing Construction Co Ltd
Companies in the construction industry produce and manage a large amount of highly-sensitive data including building models, contracts and legal documents, drawings, commercial and personal data. To protect a strong brand, we need to mitigate all vulnerabilities and prevent cyber-attacks.
SGS is glad to present the ISO/IEC 27001 Information Security Management Systems certificate to Hip Hing Construction Co Ltd (Hip Hing). The standard provides Hip Hing with robust information security controls covering a range of domains, from physical security to human resource security, from application development to business continuity, etc. By certifying to this international standard, Hip Hing shows that their planning, implementation, monitoring and continuous improvement of information security has reached the international benchmark of security management.
Neil Roberts, General Manager (Administration) of Hip Hing said: “The company's top management and I are delighted that we have reached this stage in the journey, and will be receiving today the certificate confirming that our Information Security Management System (ISMS) complies with the requirements of ISO/IEC 27001. We recognize however, that this is not the end of the journey, merely the end of the first stage. From here we will be looking to extend the coverage of our ISMS into other parts of our operations.” And he shared some more ideas about obtaining the standard as below.
What are reasons for applying the certification of ISO/IEC 27001?
“As our industry and our business became ever more reliant on data and information, we recognized the need and so embarked on the journey of establishing an ISMS that would be ISO compliant and ultimately ISO certified. We chose to develop an ISO 27001 Information Security Management System (ISMS) to enable us to protect our information processing facilities and our information.“
What is the importance for construction industry to comply with an ISMS?
“Anyone involved in a construction project will be very aware of the fact that they create and process a lot of data, and produce a lot of information. There are many parties involved in construction contracts, and because of that information security is obviously a very important issue that surrounds construction projects.“
What benefits can you identify after complying with ISO/IEC 27001?
“The basic goal of ISO/IEC 27001 is to protect three aspects of information, namely:
- Confidentiality: only the authorized persons have the right to access information.
- Integrity: only the authorized persons can change the information.
- Availability: the information must be accessible to authorized persons whenever it is needed,
and prevent security incidents from happening. The benefits of developing an ISMS is that these goals are achieved in a systematic and cost-effective way.”
What challenges did you encounter when managing your company in developing programs aimed at the information security? And how did ISO/IEC 27001 help?
The development and implementation of an ISO/IEC 27001 certified ISMS provided the framework around which we defined our information security processes and procedures. It also will enable us to review and keep them up to date. This in turn will enable us to eliminate risk, but in the event of an information security incident, we will be able to react by deploying well defined, tested and trusted response measures.”
How SGS can help and the reason for choosing SGS?
“SGS provides world-leading certification services which enables us to demonstrate that our processes and systems are compliant with international standards. We recognized their professionalism and their experience, and this was evidenced by the process we’ve been through. SGS conducted themselves in a very professional manner and we were delighted to work with them.”
SGS CERTIFICATION AND TRAINING SERVICES
SGS believes that rigorous and professional independent assessment services can help customers increase new business opportunities. SGS offers a variety of management system certification-related services, including certification audits and training courses. To inquire about any management system certification or related information, please contact us.
Get a 10% discount by enrolling a SGS Academy training course online now.