After two years of continuous effort, OBI has successfully established an Information Security Management System and recently obtained ISO/IEC 27001 certification. SGS Group, responsible for the verification, specially designated Mr. Sidney Ho, Director of Operations, to represent them. On November 10th, a certification ceremony was held at OBI headquarter in Taiwan, where Dr. Heidi Wang, the CEO of OBI, received the certificate.
ISO/IEC 27001 is currently the most widely adopted international standard for Information Security Management Systems (ISMS). It ensures that companies can effectively identify, manage, and reduce information security threats and risks to ensure the quality of information security management and enhance competitiveness.
Dr. Heidi Wang pointed out the significance of this certification, stating, “It is not just a piece of paper, but it represents OBI unwavering commitment. Whether for customers, partners, or employees, OBI is dedicated to maintaining the confidentiality, integrity, and availability of information, creating a secure operating environment for everyone.”
She emphasized that obtaining ISO 27001 certification is just the beginning, and in the future, “we will continue to adhere to international information security standards, enhance internal consensus on information security, strengthen risk assessment and policies, and optimize control processes to perfect the best information security system.”
【About ISO/IEC 27001】
ISO/IEC 27001 is a standard for Information Security Management Systems, explicitly specifying the requirements for establishing, implementing, maintaining, and continuously improving an organization’s Information Security Management System. ISO/IEC 27001 certification includes the following covered security domains, all of which OBI Pharma, Inc. has been verified to comply with:
- Information Security Policies
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development, and Maintenance
- Information Security Incident Management
- Business Continuity Management