GDS Africa
Trust & Compliance

ISO/IEC 27001 — Information Security

A certified, risk-based information security management system — so the confidentiality, integrity and availability of your data is protected by design, not by promise.

ISO/IEC 27001 International standard

ISO/IEC 27001 — Information Security Management Systems

Awarded / governed by International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)

What it is

About the accreditation

ISO/IEC 27001 is the leading international standard for an Information Security Management System (ISMS). Rather than prescribing a fixed checklist, it requires an organisation to identify its information security risks and apply a managed set of controls — covering people, processes and technology — to reduce them to an acceptable level.

The standard is anchored on the three pillars of information security: confidentiality, integrity and availability. Its reference controls span access management, cryptography, operations security, supplier relationships, incident management and more. Certification by an accredited body confirms that the ISMS is not only designed but operating effectively, with periodic surveillance audits.

In practice

How GDS Africa applies this

GDS Africa runs an ISMS to protect both our own information and the customer and project data entrusted to us. We assess risk before an engagement begins and apply controls proportionate to the sensitivity of the data and systems involved.

In practice this means least-privilege access to customer environments, encryption of data in transit and at rest, monitoring and logging of activity, a documented incident response process, and security due diligence on the suppliers and platforms we build on. Security is embedded in how we deliver — particularly relevant to the cybersecurity, cloud and managed services we provide.

What we do

  • Risk assessments performed before and throughout each engagement
  • Least-privilege, role-based access to customer systems and data
  • Encryption of sensitive data in transit and at rest
  • Activity monitoring, logging and a documented incident response process
  • Security awareness training for staff and security review of suppliers and platforms

For our customers

What this means for you

  • Your data's confidentiality, integrity and availability are protected by audited controls
  • Demonstrable security posture you can reference in your own audits and compliance work
  • Reduced supply-chain risk from a partner that takes information security seriously
  • Faster, more disciplined response if a security incident ever does occur
← All accreditations & certifications

Let's work together

Talk to our team about cloud, security, networking or managed services for your business.

Get in touch