SOCOMEC acts on behalf of its customers to ensure the security of their facilities.

69% of cyberattacks were targeted at businesses in 2021. Hospitals accounted for 11%. The French National Cybersecurity Agency (ANSSI) reports that the rate of cyberattacks has increased exponentially since 2020, with manufacturing now the second most affected sector. Cybersecurity has clearly become a major strategic challenge today.

SOCOMEC takes the safety and security of its products and services very seriously – it is an absolute priority for the company. Our products undergo extensive internal “intrusion” tests at all levels and these processes have recently been validated by SOCOMEC’s acquisition of the international ISO/IEC 27001 certification awarded by the ANSSI through the French standards organization AFNOR. This certification guarantees the security and uniformity of the entire product value chain.

IoT (Internet of Things) products used in industry are at the interface between office networks and customer infrastructure (industrial, healthcare, energy, data centers, etc.). As such, they could be exploited as a gateway for cyberattacks that could have a significant impact on the business, such as data loss, production downtime, equipment damage or exposure to ransomware.

The certification guarantees that everything has been done to achieve the best possible level of security throughout the entire software development chain. This also makes it easier to integrate SOCOMEC’s products and services into the customers’ secure systems, guaranteeing the accessibility, integrity and confidentiality of their data.

 

What does ISO 27001 cover?

Products evolve, their design is increasingly complex and functionalities become more global. Information no longer comes from single, stand-alone products but from a complete system made up of devices, communication networks and information flows that pass through virtualized servers in the Cloud and their associated applications. Services are also affected by cybersecurity threats.

Securing each product individually is not enough. The entire value chain must be taken into account to ensure the most effective level of security. ISO/IEC 27001, therefore, ensures that our employees adopt the right cybersecurity practices and that our suppliers know how to properly use and manage the information they send. It also strengthens customer relations and ensures compliance with the company’s security regulations (data protection, customs encryption, etc.). This certification proves that SOCOMEC meets these requirements via the procedures and organizational systems that have been implemented within the company.

The ISO/IEC 27001 certification is an international standard that applies to all IoT products manufactured by SOCOMEC worldwide.

It is the only recognized standard in this field and first originated in the IT sector before being extended to the manufacturing sector following the increase in cyberattacks on IoT devices, which are a potential gateway to computer operating systems.

ISO/IEC 27001 certification is a guarantee of SOCOMEC’s commitment to protecting its customers. It also covers the needs of critical facilities, which is our core expertise.

Thierry Notot, IoT Cybersecurity Manager at SOCOMEC.

A rigorous certification process

Aware of the importance of this process and the security implications for its partners, SOCOMEC’s senior management set out to obtain this certification in 2019 via an external audit and the creation of a dedicated IoT cybersecurity unit within the R&D department. The documentation base and cross-functional process, already well-established thanks to our ISO 9001 certification, were applied to this new area of cybersecurity and were commended by AFNOR for their level of maturity, particularly during the first audit.

The final audit, carried out by an AFNOR-approved auditor, took place at the end of 2022 and the certification was granted in January 2023. The process is very rigorous and allows the company’s level of control to be assessed via a thorough review of the documentation, together with supporting evidence and on-site checks. The cross-functional involvement of employees is essential to the implementation of such traceability and the process was supported by external consultants and prior audits. Traceability and control tools have also been developed to monitor security and follow-up.

Having ISO/IEC 27001 certification means that SOCOMEC’s customers can benefit from an approach that is already operational within the company and ensures that this expertise is continuously developed. Certification is awarded for 3 years, subject to an annual internal audit and an annual renewal audit carried out by AFNOR.
