Moveware System Security
Moveware is very concerned with ensuring that our clients' use of Moveware satisfies local information and data security requirements. As an information technology supplier, we are progressing down the path of obtaining certification in a recognised information security standard. We have chosen ISO/IEC 27001:2013 Information Security Management Systems Requirements.
ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information risks. The ISMS is an overarching management framework through which the organization identifies, analyzes and addresses its information risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impact.
The standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profits), all sizes (from micro-businesses to huge multinationals), and all industries or markets (e.g. retail, banking, defence, healthcare, education and government).
As part of our path to accreditation, we have identified and examined key regulations, including the European General Data Protection Regulation (GDPR), US Military Laws (NIST 800-171), the Australian Privacy Act, the EU-US Privacy Shield and the Canadian Personal Information Protection and Electronic Documents Act.
Importantly, though, the application of these regulations is highly fact-specific, and whilst Moveware provides a general capability, the onus is very much on individual clients to ensure that they comply with their required regulations. In this regard, we welcome any feedback on our client requirements and will endeavour to assist as appropriate.
Applicable Requirements, Obligations and Guidelines
ISO9001
General Quality Management System
ISO/IEC 27001
This International Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). General framework required for Australian Government STP.
US Military Cybersecurity law (DOD)
Required for Moveware to become compliant with the US Military Cybersecurity Law (DOD).
*Refer to report on New US and EU Laws and Moveware Changes
EU General Data Protection Regulation (GDPR)
The GDPR sets out expanded accountability and governance requirements. The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.