IFCA obtains ISO 27001 security certification

IFCA becomes the first CSIC center and the first center within the Federated Cloud to obtain this qualification, after having passed the audit process within 6 months

December 3rd, 2021

Information is, as stated by the Asociación Española de Normalización y Certificación (AENOR), one of the main assets of organizations, since much of it is accessible and circulates freely on the network. In this sense, raising awareness among public and private entities about data security at a national level is key.

For six months now, the Instituto de Física de Cantabria (IFCA), a joint center of the Universidad de Cantabria (UC) and the CSIC, has been working on obtaining ISO 27001 security certification, a security standard that guarantees the center's commitment to its computer systems. This reflects the intense personal and professional effort of the Infrastructure Group of the Advanced Computing and e-Science Service of IFCA: Aida Palacio, systems administrator; Miguel Ángel Núñez, CPD maintenance technician; and Ibán Cabrillo, responsible for Advanced Computing services. The group generated large volumes of documentation and defined policies and procedures in accordance with the standard, which has resulted in the achievement of this certificate, thanks to the application of good practices and risk reduction.

After passing an audit process with AENOR, the center has obtained its ISO 27001 security certificate in only half a year. This implies the implementation of continuous improvement in security management, its correct evaluation, and its documentation, which makes it easier for new team members to learn about the subject. (The certifications obtained so far can be consulted on the group's website.)

Thanks to this recognition, IFCA becomes the first CSIC center and the first academic center within the Federated Cloud (EGI Federated Cloud) to obtain this qualification. It also helps the institute stand out when it is assessed in the calls for the different European projects in which it participates.

Protecting information security 

Protecting the security and privacy of information and data is a fundamental task to ensure the correct development of a center. The greater the value of information and its privacy, the greater the risks associated with its loss, deterioration, or improper or malicious manipulation as a result of an incident or of breaches in security or privacy. Therefore, this recognition ensures that IFCA, as a research institute, "adequately manages the most common risks associated with a type of infrastructure such as computational computing, including secure access protocols, management and control of users and services, disaster response procedures (BCPs), whether of natural or human origin, and also proper documentation and review of all processes and measures taken to achieve certification."

Quality certification

In addition to this security seal, last September IFCA obtained the ISO 9001 quality certificate, which shows that the IFCA Quality Management System, and specifically the Advanced Computing service, is correctly implemented and continues to be maintained in accordance with the standard. It carries out its activities with quality in a process of continuous improvement, with the aim of guaranteeing laboratories and services of excellence and making them available to society.

