This ISO 27001 International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the NXP organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the NXP organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The purpose of this certification for NXP is to:
- Systematically examine the NXP organization's information security risks, taking account of the threats, vulnerabilities and impacts in relation to NXP sites
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis, ensuring that NXP remains compliant with all NXP policies
Information is an asset that, like other important business assets, is essential to the business of NXP and consequently needs to be suitably protected.
This is especially important in the increasingly interconnected business environment and in the highly competitive industry in which NXP operates, where the loss or unauthorized disclosure or change of “sensitive” business information, either owned by NXP or disclosed to NXP by its business partners, could be extremely detrimental or in violation of regulatory compliance.
The objective of information security is the protection of information from a wide range of threats in order to ensure legal compliance with SOx and privacy laws, ensure business resilience, minimize business risk, and maximize return on investments and business opportunities.
The Information Security Controls document describes the controls that are applicable for all information systems and processes within the NXP organizations and, in case of outsourcing, for Third Parties. The Information Security Controls, as well as the Information Security Policy, are based on the international standard ISO/IEC 27002.