FRIB passes information security audit and receives ISO 27001 registration

12 November 2018

The FRIB Laboratory has successfully passed its first annual Information Security Management System (ISMS) audit and is now registered to the external ISO 27001 information security standard.

The ISO 27001 standard helps organizations manage the security of assets such as financial information, intellectual property, employee details, and information entrusted to the laboratory by third parties.

Following a two-year implementation period, internal audits, and a desk-audit earlier this year, three auditors from the certification organization NSF International Strategic Registrations (NSF-ISR) completed their four-day on-site audit after visiting various departments within the FRIB Laboratory and interviewing staff members between October 22 and 25. The auditors assessed the FRIB ISMS against the ISO 27001 standard, which has been implemented to secure FRIB’s information and information assets to support the laboratory’s mission. The FRIB ISMS covers both information and information assets and employs a risk-based approach to manage information security needs against external requirements and expectations.

The audit resulted in no major corrective actions and two minor corrective actions, which have been rectified. Following FRIB’s response, NSF-ISR recommended the FRIB Laboratory’s ISMS for registration to the ISO 27001 standard. The external auditors will return for an annual ISMS surveillance audit in 2019.

FRIB operates under an ISO-9001-registered Quality Management System, an ISO-14001-registered Environmental Management System, and an OHSAS-18001-registered Occupational Health and Safety Management System.