May 30, 2018 | Devan Brua | Vice President, Compliance and Risk

Since inception in 2008, Spinnaker Support has consistently delivered service the right way. When operational, financial, and legal risk profiles are essential buying considerations, Spinnaker Support is the undisputed smart and safe third-party support choice. As part of delivering Oracle and SAP support the right way, Spinnaker Support has become the only third-party support provider to achieve both ISO 9001:2015 and ISO/IEC 27001:2013 certifications.

The ISO 9001:2015 certification highlights our firm commitment to quality management principles and demonstrates Spinnaker Support’s commitment to providing consistent processes for our customers under a comprehensive quality management system. Delivering support worldwide from nine regional operations centers, our experienced engineers consistently follow proven processes that drive the industry’s highest customer satisfaction ratings (98.7%).

Confirming our ongoing commitment to maintain data security effectively, we achieved ISO/IEC 27001:2013 certification earlier this year. The ISO/IEC 27001:2013 standard drives a systematic approach for managing sensitive company information so that it remains secure within our organization’s Information Security Management System (ISMS). This certification spans people, processes, and IT systems by applying a risk management process that is recognized internationally. Our quality management system directly impacts the success of our business and demonstrates our continued commitment to always put the customer first.

What value does the ISO/IEC 27001:2013 certification add for Spinnaker Support customers?

It is imperative that our information security management system integrates with our global processes and overall management structure, and that information security is fundamental in the design of processes, information systems, and controls. These global standards provide a framework for policies and procedures that include all legal, physical, and technical controls involved in an organization’s information risk management processes.

“The ISO/IEC 27001:2013 certification validates our organization’s commitment to deploying an Information Security Management System (ISMS): a system that is supported by our leadership, incorporated into our organization’s culture and strategy, and constantly monitored, updated and reviewed. Following a process of continuous improvement, Spinnaker Support will be able to ensure that the ISMS adapts to change both in the environment and inside the organization – to continually identify and reduce risks,” states Devan Brua, Vice President of Compliance and Risk.

The international acceptance and applicability of ISO/IEC 27001:2013 is a primary reason why certification to this standard is at the forefront of Spinnaker Support’s approach to implementing and managing information security. Spinnaker Support’s achievement of ISO/IEC 27001:2013 certification points to our commitment to respecting intellectual property rights for our customers and our competitors. Obtaining both certifications validates our documented and standardized support delivery processes that meet or exceed the levels specified by ISO – proving Spinnaker Support’s continued investment in our customers and strategic business plans for future advances, like GDPR compliance.

Endorsement for Spinnaker Support’s GDPR Compliance Readiness

The ISO/IEC 27001:2013 certification demonstrates our commitment to GDPR Compliance:

  • Data Encryption – ISO/IEC 27001:2013 encompasses 114 different control measures to reduce information security risks. Data encryption protects confidentiality by delivering the data in an unusable form to anyone who accesses the data internally or externally.
  • Risk Assessment – ISO/IEC 27001:2013 mandates that all organizations conduct a full risk assessment to outline possible threats and vulnerabilities, and document the steps taken to alleviate that risk.
  • Business Continuity – ISO/IEC 27001:2013 requires organizations to plan out how to protect their information in case of an incident or major disaster.
  • Independent Assessments and Audits – ISO/IEC 27001:2013 mandates that organizations have their ISMSs independently assessed and audited by an accredited certification organization to ensure certification is followed and maintained.

Our continued investment in the ISO 9001:2015 and the ISO/IEC 27001:2013 quality management processes protects our customers and provides consistent, value-added services covering SAP and Oracle support.