GCS becomes first school district to earn ISO/IEC 27001:2013 certification for cyber security
On this Data Privacy Day (Jan. 28), we are happy to share that Greenville County Schools recently became the first school district in the nation to earn ISO/IEC 27001:2013 certification for information security. This rigorous certification process specifies the requirements for establishing, implementing, maintaining, and continually improving information security management.
ISO is an independent, non-governmental international organization with a membership of 165 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges. Founded in 1906, the IEC (International Electrotechnical Commission) is the world’s leading organization for the preparation and publication of International Standards for all electrical, electronic and related technologies. These are known collectively as “electrotechnology.”
GCS began the process of achieving Accreditation in 2015. A two-stage audit process was completed in July 2020, and certification was granted on September 14. Stage 1 of the audit included a review of the District’s Information Security Management System’s documented information, an evaluation of site-specific conditions, and a review of objectives and key performance indicators, as well as equipment, levels of control, and statutory/regulatory requirements. During Stage 2 of the audit process, the implementation and effectiveness of the Information Security Management System were evaluated, and the Certification Body determined the degree of compliance with requirements and identified any non-conformances that needed correction. In the case of the GCS audit, zero non-conformances were identified, thereby paving the way to Accreditation.
In short, achieving ISO/IEC 27001:2013 certification confirms that Greenville County Schools:
- protects information from getting into unauthorized hands;
- ensures that information is accurate and can only be modified by authorized users;
- assesses the risks and mitigates the impact of a breach; and
- has been independently assessed to international standards based on industry best practices.