.jpg)
The first audit stage at SEIIC's (black boxes) Main Site was completed on 30 October.
All the audits by the British Standard Institute (BSI) concerning the ISO 27001 standard include, among other aspects, the performance of two on-site inspections by auditors from said Institute: first stage and second stage. The activities corresponding to the first-stage on-site inspection took place at INAC's facilities on 30 October.
The observance of the ISO 27001 standard was analyzed. INAC and -particularly- the SEIIC Executive Committee have decided to apply said standard in order to implement their information security management system at their main site (site located at INAC's facilities, where millions of data about cattle slaughter are received from the whole country on an ongoing basis and are then processed).
The first stage of the audit process was successfully undergone, and the SEIIC was able to go on to the second audit stage, which will take place in December. Only three observations were made by the BSI, which are to be solved before the second stage, and all of them are easily solvable problems. These were: (a) to provide in a more detailed language the preventive and reactive actions in the event of security risks, though it was recognized that criteria adopted were enough, (b) a physical minor aspect, and (c) the operation of the contingency plan based on an alternative main site, whose design has already been tested and approved, the revision of its final implementation remaining for the second stage.
At the closing meeting the auditor expressed his positive opinion, stating that he considered the security system of SEIIC's main site was solidly supported, with the appropriate documentation and training, and with a strong support from all the organization levels. Security measures audited included the continuous filming of the access to servers on a 24/7 basis, a strict control of entries to and exits of the area where the site operates, the mechanics of passwords and security software, as well as physical movement routines at the sector, and the opening and closing of places or remote accesses. The security system contains a tool to report and monitor electronic events, for which all the personnel working with the SEIIC has been trained, specially concerning the management of risky or potentially risky events.
The final goal is to obtain the ISO 27001 certification for SEIIC's main site. With this first stage completed, we are half the way there.
At the same time, the last details are being arranged to perform BSI's on-site audit on slaughter plants. Although this is an independent component of the process regarding the main site (given that the audit on plants depends basically on the correct operative of each of them, and on their observance of SEIIC's operative standards) this will allow SEIIC's Executive Committee and INAC's authorities to continue strengthening their ongoing improvement process with the contribution of the opinion of a global top quality third-party expert.
