ISO 27001 Alignment
Overview
At OCFR Gemba, information security is a core operational priority.
While OCFR Gemba is not currently ISO/IEC 27001 certified, our information security practices are aligned with the principles and control objectives of the ISO/IEC 27001 Information Security Management System (ISMS) standard.
1. What ISO/IEC 27001 Is
ISO/IEC 27001 is an internationally recognized standard that provides a framework for:
- Establishing an Information Security Management System (ISMS)
- Managing information security risks
- Protecting confidentiality, integrity, and availability of information
- Implementing continual improvement processes
2. Our Approach to ISO 27001 Alignment
OCFR Gemba aligns its security practices with ISO 27001 by:
- Applying a risk-based approach to information security
- Defining policies and procedures for data protection
- Assigning responsibility for security governance
- Integrating security into operational processes
3. Risk Management
Consistent with ISO 27001 principles, we:
- Identify potential information security risks
- Assess risks based on likelihood and impact
- Implement appropriate controls to mitigate risks
- Review and update risk assessments periodically
4. Information Security Controls
Our controls align with the intent of ISO 27001 Annex A categories, including:
- Access control and user management
- Secure handling of information assets
- Protection against unauthorized access
- Operational and system security measures
- Supplier and third-party security considerations
Controls are implemented based on relevance and risk, not as a checklist.
5. Policies & Procedures
We maintain documented internal practices addressing:
- Information security responsibilities
- Acceptable use of systems and data
- Data classification and handling
- Incident management and escalation
- Business continuity considerations
6. Incident Management
In alignment with ISO 27001 guidance, we:
- Maintain procedures to detect and respond to security incidents
- Document incidents and corrective actions
- Review incidents to support continual improvement
- Comply with applicable legal and regulatory notification requirements
7. Supplier & Third-Party Security
When working with third parties:
- Security considerations are evaluated during vendor selection
- Access to data is limited to necessary purposes
- Appropriate contractual safeguards are applied where required
8. Training & Awareness
Information security awareness is supported through:
- Defined security responsibilities
- Awareness of data protection obligations
- Reinforcement of security best practices
9. Continuous Improvement
Consistent with ISO 27001 principles, OCFR Gemba:
- Periodically reviews security practices
- Adapts controls based on risk and operational changes
- Incorporates lessons learned from incidents and assessments
10. Relationship to Other Compliance Frameworks
Our ISO 27001 alignment supports compliance with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA/CPRA)
- Internal security and governance requirements
11. Disclaimer
This page describes alignment with ISO/IEC 27001 principles and does not represent formal certification. Certification requires independent third-party audit and verification.
12. Contact Information
For questions regarding our information security practices: