Who Should Care About ISO 27001?

Posted on July 1, 2024 by Gento

Whenever data center operators or other companies that employ mission-critical services purchase a product to go in their data centers, there’s a tick-in-the-box exercise to confirm that the product conforms to various international standards and certifications. For example, our Raritan PX4 Rack PDUs have been tested and conform to FCC Part 15 Class A, UL and cULs, IEC 62368, CE, UKCA as standard certifications. (Additional certifications are available). 

That’s great, but to be honest, most people don’t particularly care very much about standards compliance. They need to verify that the product they’re buying has been certified, to be sure, but the bar is fairly low and, most products meet the requisite standards. 

So why are we announcing our recent achievement of ISO/IEC 27001:2013 certification for our Data, Power & Control division (DPC)? 

To put it simply, it’s an entirely different certification…and it should matter to every single customer. 

Whether or not, all of us live in a world of threats. Bad actors penetrate organization after organization, stealing confidential information, gaining control over mission-critical systems, and even locking down entire organizations unless a ransom gets paid. Malware, hacking, phishing, ransomware and the like threaten all of us -- and the global cost of a data breach today, according to IBM, exceeds $4.5 million. 

Today’s organizations must spend money, time, and effort reducing the chances that their IT infrastructure can be hacked. They’re in an arms race with bad actors, and every day, there’s a chance of a crippling attack that could turn into a disaster. To make matters worse, data centers are more complex, and involve more technologies from more vendors than ever before. Imagine what could happen if an obscure but network-connected third-party component, like a PDU, turned out to be compromised in some way…and was used as the backdoor for an attack.  

Legrand takes this possibility seriously. We know that you need to stay safe and secure. That’s why we have implemented 114 process controls in our engineering group to gain proof of official ISO 27001 compliance from one of the world’s leading certification bodies, Bureau Veritas — a globally accredited specialist in testing, inspection and certification services, who just issued Legrand’s certification upon completing a formal audit process. 

But what is ISO 27001? ISO/IEC 27001:2013 is an information security standard published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC).  

Why does ISO 27001 matter? ISO 27001 certification demonstrates that Legrand manages security risks in our operations and processes -- to ensure that our products don’t introduce additional risk to your data centers. With ISO 27001 compliance, you have an added level of trust in our hardware and software, by validating that Legrand’s processes: 

Reduce the Risk of Security Breaches: ISO 27001 compliance indicates that we have a documented Information Security Management System (ISMS). This translates to a focus on identifying and mitigating security vulnerabilities in our products and development processes. This can minimize the risk of malicious code or security flaws ending up in your PDU, or any other component from Legrand. 

Increase Trust Through Secure Development: Legrand adheres to best practices for secure development. We have measures in place to control access to sensitive information and development tools, reducing the chance of unauthorized modifications or vulnerabilities introduced during the creation of your PDU. 

Support Your Security Regulations: Many industries have data security regulations. By using ISO 27001-compliant equipment, you demonstrate a commitment to data security, which can help you comply with relevant regulations. 

Overall, choosing Legrand, an ISO 27001-compliant manufacturer for your data center equipment adds a layer of security assurance. It shows that we have a proactive approach to information security, potentially reducing risks and giving you peace of mind. And the certification covers the protection and security of the software and firmware developed by Legrand for connected devices, embedded systems, and IT systems in the DPC R&D centers in Somerset, NJ, Reno, NV, Canonsburg, PA and Zwickau, Germany, including the brands Raritan®, Server Technology®, and Starline®.  

Gaining ISO 27001 certification is consistent with our approach to raising the bar on our operational excellence. Legrand already adheres to NIST and ISO standards (including ISO 9001 and ISO 14001) as well as incorporating additional vulnerability and penetration testing for our network-connectable products. 

As a global supplier to some of the most secure data centers in the world, we take security seriously, and we’re proud of putting in years of effort to meet international standards that reduce your risks. We’re here to keep you safe. To learn more about Legrand’s commitment to ISO certification, visit our certification page.