London, August 26, 2024 – Crown Jewels Consultant Ltd (CJC), the award-winning market data professional services and commercial management provider, is proud to announce it has upgraded its ISO 27001 certification to the latest 2022 standard. The upgraded ISO 27001:2022 certification demonstrates CJC’s consistent commitment to meet the latest information security and compliance with international standards.

ISO 27001:2022 is the latest, globally recognised standard outlining the requirements for an information security management system. The 2022 version required a rigorous external audit of CJC’s information security practices, policies, and procedures. Compared to the 2013 version, it provides an improved systematic approach to managing sensitive company information securely.

Are you and your vendors DORA ready?

Read More: https://cjcit.com/standards/ict-security-standards/

With the EU’s Digital Operational Resilience Act (DORA) enforcement deadline creeping closer, CJC’s upgraded ISO 27001:2022 certification follows through with previously outlined InfoSec plans and the latest CJC cybersecurity initiative to support clients comply with new incoming regulations. Other initiatives include achieving Cyber Essentials Certification in March.

ISO 27001:2022 vs. 2013 improvements:

• Improved Cybersecurity Practices and Threats.

• Strengthened Data Privacy.
• Enhanced Information Security.
• Increased Cyber Attack Resilience.
• Greater Consumer Confidence.
• Robust Confidentiality, Integrity, and Availability Protection.

Evgeny Smirnov, Head of Products and Standards, said, “Achieving the ISO 27001:2022 certification is a testament to CJC’s relentless focus on enhancing our Information Security Management System (ISMS). Over the past few years, we have invested significantly in our systems, governance frameworks, and compliance processes to ensure we meet and exceed the latest industry standards. This upgraded certification not only reinforces our commitment to information security but also ensures that we continue to provide our clients with the highest level of protection and trust in an increasingly complex digital environment. As we move forward, our current focus is on implementing the requirements of the DORA, further aligning our practices with emerging regulations.”

Gina Wee, Chief Information Officer at CJC, said “We are pleased to share that we’ve successfully transitioned to ISO 27001:2022, thanks to our team’s consistent effort and dedication. With the board’s support, colleagues from HR, Business Operations, Security & Governance, IT, and Information Security worked closely together across multiple workstreams to reach this milestone. This achievement reflects CJC’s ongoing commitment to safeguarding our data and adapting to the ever-changing digital landscape.”

– End –

For more information, contact:

The Communications Team

Tel: +44 (0) 203 328 7600 | Email: marketing@cjcit.com

About Crown Jewel Consultants (CJC)

CJC is the leading market data technology consultancy and service provider for global financial markets. CJC provides multi-award-winning consultancy, managed services, cloud solutions, observability, and professional commercial management services for mission-critical market data systems. CJC is vendor-agnostic and ISO 27001 certified, enabling CJC’s partners the freedom to focus on their core business.

About ISO 27001

ISO 27001, formally known as ISO/IEC 27001:2022, is an information security standard created by the International Organisation for Standardisation (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS).

About the Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act, or DORA, is a European Union (EU) regulation that creates a binding, comprehensive information and communication technology (ICT) risk management framework for the EU financial sector. DORA establishes technical standards that financial entities and their critical third-party technology service providers must implement in their ICT systems by January 17, 2025 (IBM).