In today's digital age, cybersecurity is an ever-increasing concern for organizations worldwide. It's imperative to keep sensitive information safe from cybercriminals - especially as a telecom mobile core network. That's why we're thrilled to announce that Working Group Two has achieved the ISO 27001:2022 certification - a globally recognized standard for information security management systems. This latest accomplishment marks a significant milestone for our organization in ensuring the security of our telco core network and edge sites, protecting our customers' confidential data from any potential threats.
Receiving the ISO 27001:2022 certification offers Working Group Two a host of benefits that are critical in today's rapidly evolving digital landscape. Firstly, it provides a robust framework to manage and protect sensitive information from any potential security threats. Secondly, it ensures the implementation of security controls to safeguard against cyber-attacks, data breaches, and other security incidents. Thirdly, it instills trust and confidence in our customers that we take data security seriously and have implemented the necessary measures to protect their information. Ultimately, achieving this certification demonstrates our unwavering commitment to information security and reinforces our position as a reliable and trustworthy partner to our clients.
Working Group Two operates a mobile core network platform-as-a-service, enabling its customers to provide mobile telecom services using its core network. In addition, WG2 builds APIs to drive the programmability of the mobile core network. The scope of the ISO/IEC 27001:2022 certification is limited to the Information Security Management System (ISMS) supporting Working Group Two ASβs Software-as-a-Service (SaaS), Web application products, mobile telecom services in accordance with the Statement of Applicability version 1.0 dated 03/09/2023.
ISO 27001:2022β
ISO 27001 released a new standard in 2022, succeeding their previous version from 2013, making it the newest and most comprehensive security standard that outlines 93 information security controls to safeguard against various risks and threats. These controls cover all aspects of information security, from policies and roles to the use of cryptography and network security. They address critical domains such as access control, authentication, secure coding, application security, vulnerability management, and incident management, to name a few. The standard also emphasizes the importance of compliance with legal, statutory, regulatory, and contractual requirements, ensuring that organizations maintain an up-to-date understanding of their obligations. By adhering to these controls, Working Group Two can significantly reduce its exposure to security risks and safeguard its sensitive data and assets against unauthorized access, theft, or misuse.
ISO 27001:2022 Controls
| # | ID | Name |
|---|---|---|
| 1 | 5.1 | Policies for information security |
| 2 | 5.2 | Information security roles and responsibilities |
| 3 | 5.3 | Segregation of duties |
| 4 | 5.4 | Management responsibilities |
| 5 | 5.5 | Contact with authorities |
| 6 | 5.6 | Contact with special interest groups |
| 7 | 5.7 | Threat intelligence |
| 8 | 5.8 | Information security in project management |
| 9 | 5.9 | Inventory of information and other associated assets |
| 10 | 5.10 | Acceptable use of information and other associated assets |
| 11 | 5.11 | Return of assets |
| 12 | 5.12 | Classification of information |
| 13 | 5.13 | Labelling of information |
| 14 | 5.14 | Information transfer |
| 15 | 5.15 | Access control |
| 16 | 5.16 | Identity management |
| 17 | 5.17 | Authentication information |
| 18 | 5.18 | Access rights |
| 19 | 5.19 | Information security in supplier relationships |
| 20 | 5.20 | Addressing information security within supplier agreements |
| 21 | 5.21 | Managing information security in the ICT supply chain |
| 22 | 5.22 | Monitoring. review and change management of supplier services |
| 23 | 5.23 | Information security for use of cloud services |
| 24 | 5.24 | Information security incident management planning and preparation |
| 25 | 5.25 | Assessment and decision on information security events |
| 26 | 5.26 | Response to information security incidents |
| 27 | 5.27 | Learning from information security incidents |
| 28 | 5.28 | Collection of evidence |
| 29 | 5.29 | Information security during disruption |
| 30 | 5.30 | ICT readiness for business continuity |
| 31 | 5.31 | Legal, statutory, regulatory and contractual requirements |
| 32 | 5.32 | Intellectual property rights |
| 33 | 5.33 | Protection of records |
| 34 | 5.34 | Privacy and protection of PII |
| 35 | 5.35 | Independent review of information security |
| 36 | 5.36 | Compliance with policies. rules and standards for information security |
| 37 | 5.37 | Documented operating procedures |
| 38 | 6.1 | Screening |
| 39 | 6.2 | Terms and conditions of employment |
| 40 | 6.3 | Information security awareness. education and training |
| 41 | 6.4 | Disciplinary process |
| 42 | 6.5 | Responsibilities after termination or change of employment |
| 43 | 6.6 | Confidentiality or non-disclosure agreements |
| 44 | 6.7 | Remote working |
| 45 | 6.8 | Information security event reporting |
| 46 | 7.1 | Physical security perimeters |
| 47 | 7.2 | Physical entry |
| 48 | 7.3 | Securing offices. rooms and facilities |
| 49 | 7.4 | Physical security monitoring |
| 50 | 7.5 | Protecting against physical and environmental threats |
| 51 | 7.6 | Working in secure areas |
| 52 | 7.7 | Clear desk and clear screen |
| 53 | 7.8 | Equipment siting and protection |
| 54 | 7.9 | Security of assets off-premises |
| 55 | 7.10 | Storage media |
| 56 | 7.11 | Supporting utilities |
| 57 | 7.12 | Cabling security |
| 58 | 7.13 | Equipment maintenance |
| 59 | 7.14 | Secure disposal or re-use of equipment |
| 60 | 8.1 | User endpoint devices |
| 61 | 8.2 | Privileged access rights |
| 62 | 8.3 | Information access restriction |
| 63 | 8.4 | Access to source code |
| 64 | 8.5 | Secure authentication |
| 65 | 8.6 | Capacity management |
| 66 | 8.7 | Protection against malware |
| 67 | 8.8 | Management of technical vulnerabilities |
| 68 | 8.9 | Configuration management |
| 69 | 8.10 | Information deletion |
| 70 | 8.11 | Data masking |
| 71 | 8.12 | Data leakage prevention |
| 72 | 8.13 | Information backup |
| 73 | 8.14 | Redundancy of information processing facilities |
| 74 | 8.15 | Logging |
| 75 | 8.16 | Monitoring activities |
| 76 | 8.17 | Clock synchronization |
| 77 | 8.18 | Use of privileged utility programs |
| 78 | 8.19 | Installation of software on operational systems |
| 79 | 8.20 | Networks security |
| 80 | 8.21 | Security of network services |
| 81 | 8.22 | Segregation of networks |
| 82 | 8.23 | Web filtering |
| 83 | 8.24 | Use of cryptography |
| 84 | 8.25 | Secure development life cycle |
| 85 | 8.26 | Application security requirements |
| 86 | 8.27 | Secure system architecture and engineering principles |
| 87 | 8.28 | Secure coding |
| 88 | 8.29 | Security testing in development and acceptance |
| 89 | 8.30 | Outsourced development |
| 90 | 8.31 | Separation of development. test and production environments |
| 91 | 8.32 | Change management |
| 92 | 8.33 | Test information |
| 93 | 8.34 | Protection of information systems during audit testing |
Leveraging automationβ
Working Group Two recognized the need for efficient and effective compliance validation of cloud and edge resources to meet the ISO 27001:2022 standard. The team leveraged automation and the DevSecOps methodology to automate the validation process to achieve this goal. Through automation, the team was able to efficiently validate the compliance of these resources and reduce the potential for human error. The DevSecOps methodology ensured that security was integrated throughout the development and operational processes, resulting in more secure and compliant cloud and edge resources. The combination of automation and DevSecOps allowed Working Group Two to streamline its compliance validation process and ensure that its resources met the ISO 27001:2022 standard.
Responsible Disclosure Programβ
Implementing a responsible disclosure program has been a crucial part in this process, prioritizing wgtwos security of all systems and data. By establishing a clear and easy-to-use reporting mechanism for security vulnerabilities, we can now work with security researchers and other external parties to quickly identify and address potential threats. A successful responsible disclosure program not only helps us to stay ahead of potential security incidents, but also demonstrates our commitment to transparency and collaboration in the broader security community.
Our security speaks for itselfβ
trust.wgtwo.com is a comprehensive platform designed to provide customers and partners with easy access to information about Working Group Two's security controls and certifications. The platform offers a centralized location to access detailed security documentation and certifications, including ISO 27001:2022 compliance, which assures customers that Working Group Two has implemented comprehensive security controls to protect their data and infrastructure. Additionally, trust promotes transparency and trust between Working Group Two and its customers by enabling easy access to relevant security information. With this platform, customers can have a better understanding of the security measures Working Group Two has put in place to protect their information and ensure its privacy. Overall, trust serves as an essential resource for customers and partners who want to stay informed and up-to-date on Working Group Two's security measures and certifications.
We have joined the elite 0.056% of European Companiesβ
22,112,982 EU Companies
12,532 EU Companies with ISO 27001
Now, in May 2023 we are officially ISO 27001:2022 certified! The journey to reach this milestone was definitely challenging but also a rewarding experience. This accomplishment would not be possible without the support of many individuals across the organization - big π
With the high ISO standard, we innovated a security posture via automating the validation of cloud and edge resources. Through our trust.wgtwo.com platform, we have established transparency with our customers and provided them with the ability to download certifications and security documentation.
We are proud that Working Group Two, as one of a few, can display our ISO 27001:2022 certification today, demonstrating to our customers that security is at the forefront of how Working Group Two operates, and is the backbone of our core network.