Improving Information Security with ISO 27001

How can your organisation demonstrate that it has taken the appropriate steps to ensure data management is under control and customer data and third-party information is secure?

For an increasing number of companies worldwide, the first step is to adopt internationally recognised standards such as ISO 27001, which outlines the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). The ever-growing cyber threat to organisations worldwide is behind the increasing trend towards adopting a robust ISMS.

ISO 27001 is an international compliance framework set by the International Organisation for Standardisation (ISO), the world's largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC).

ISO 27001 is designed to help organisations manage their information security processes in line with international best practice while optimising costs. It provides the specification for managing information security through working arrangements, policies, procedures and other controls involving people, processes and technology to help organisations protect and manage all their data.

Certification to standards such as ISO 27001 brings a wide range of benefits above and beyond simple certification. According to the ISO 27001 Global Report 2018, 81 percent of organisations implementing an ISMS are doing so to meet growing client demands for increased data security, while 62 percent reported improved staff awareness of information security as one of the key benefits of implementing an ISMS.

Over the past 10 years, the deployment of ISO 27001 has spread significantly.

Growth in ISO 27001 certifications has been highest in New Zealand (286%), Australia (203%) and China (78%). The countries in Asia Pacific with the highest growth in volume are China, Japan, India, Australia and the Philippines.

Citadel-IX and ISO 27001

The Citadel Group provides a range of highly secure information management systems to support organisations in complying with international standards for information security.

Citadel’s Content Manager as a Service platform, Citadel-IX, is fully certified to ISO 27001, the international standard for Information Security.

Citadel-IX’s unique value proposition is that it is ISO 27001 certified end to end, whereas many other vendors claim ISO 27001 compliance simply because their application is hosted on an underlying platform that is ISO 27001 certified.

Popular global cloud hosting platforms specifically exclude applications hosted on their platform from the scope of their ISO 27001 certification. To achieve full compliance, vendors must themselves be certified, and must implement and maintain a rigorous Information Security Management System that addresses all security risks associated with hosting an application in a secure manner.

The security features of Citadel-IX include:

  • A dedicated 24/7 Security Operations Centre based in Australia that provides cyber security protection and detection capabilities
  • A robust Information Security Management System that enforces ISO 27001 standards to ensure a defence-in-depth approach to security, including extensive security and access controls to improve privacy for managed content
  • Access controls to the Citadel-IX environment that follow industry best practices using modern authentication methods
  • Secure hosting infrastructure that applies the industry-recognised Center for Internet Security (CIS) Hardening Benchmarks
  • Incident management and response processes that ensure attempted breaches are appropriately handled and acted on in a timely manner
  • Disaster Recovery achieved through geo-redundancy using the built-in Azure services spread over multiple datacentres


For further information visit or contact us at