ISO/IEC 27001 - Information Security Management

At Zensai/EFI, we are awarded the ISO/IEC 27001:2013 certification for our Information Security Management System (ISMS) used for the provisioning and development of LMS365.

We will review the ISMS policy at least annually to respond to any risk assessment or risk treatment requirements changes. In this article, we will describe ISO/IEC 27001:2013 and Zensai/EFI's certification and commitment to continuously comply with the requirements of the policy.


In this article:


What is ISO/IEC 27001:2013?

ISO/IEC 27001 lays out requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). The purpose of this is to aid organizations to secure their information assets. The requirements of ISO/IEC 27001:2013 are the same for all organizations in all countries.

Achieving the ISO/IEC 27001:2013 certification is, therefore, an acknowledgment of the fact that we handle our information assets in a secure way and in according to standards that are recognized internationally.


Zensai/EFI's certification and commitments

At Zensai/EFI, we have received the ISO/IEC 27001 certification for operating an ISMS that complies with the requirements of ISO/IEC 27001 for the following scope:

"ELEARNINGFORCE International's corporate information security and privacy management system used for the provision and development of a SAAS-Learning Management System (LMS) that provide Course & Content Management, Support Multiple Course Types & Learning Styles, Reporting & Tracking, Training Plans and Certifications & Compliance. This is in accordance with latest version of the Statement of Applicability. Rev 9.0 20230620."

EFI's ISMS is intended to be an enabling mechanism for information sharing, digital operations, and reducing information-related risks to acceptable levels.

With our ISMS, we practice an ongoing commitment to protect the confidentiality, integrity, and availability of all the physical and digital information assets throughout EFI. This is done to preserve the competitive edge, cash flow, profitability, legal, regulatory & contractual compliance, and the commercial image of EFI.

Information and information security requirements will continue to be aligned with these goals of EFI. We are audited against the standard every year by an independent third party and will review the ISMS policy at least annually to respond to any changes in the risk assessment or risk treatment requirements.


What does our ISO/IEC 27001:2013 mean to you as a customer?

The fact that we are awarded the ISO/IEC 27001:2013 certification means that our customers can rely on our secure handling of data.

It means that we act in accordance with best practices for protecting our significant IT assets and data and that we will act promptly and in accordance with required procedures if a situation should arise where data has been compromised.

This also ensures that we only provide access to IT assets when this is needed. As well as it means that we have a security rating and registration of all significant IT assets in place to ensure all assets can be traced back to their owner and that, if a compromise of an IT asset should happen, we will immediately know the gravity and can act accordingly.


Find our ISO/IEC 27001 certification here:

Was this article helpful?
2 out of 2 found this helpful