Skip to main content

Certification Scope & Process Summary

INTRODUCTION

In order to interrelate and coordinate information security protection activities, Cryptolab S.A.S. needed to establish its own information security policy and objectives. Once the information security objectives were set, Cryptolab S.A.S. needed to ensure the way to achieve them effectively, in short, an Information Security Management System or ISMS in its abbreviated form. Therefore, an ISMS consists of the set of policies, procedures and guidelines along with associated resources and activities that are collectively managed by Cryptolab S.A.S., in the quest to protect its critical information assets. An ISMS from the vision of the international standard ISO 27001 is a systematic approach to establish, implement, operate, monitor, review, maintain and improve Cryptolab S.A.S.'s information security and achieve its service objectives. The term information security is generally based on the fact that information is considered an asset that has a value that requires adequate protection, such as against loss of Availability, Confidentiality and Integrity.

CERTIFICATION

The certification audit was based on the verification of the design of the Management System based on the compliance and effectiveness of the requirements of the ISO 27001:2013 reference standard, in order to grant the certification of the Information Security Management System.

SCOPE

Design and development of the ''Xcapit Wallet'' application for access and operation with blockchains, web 3.0, metaverses, decentralized finance and cryptocurrencies.

The organization had to first determine what it needed to have the greatest benefits from an implementation of an ISMS according to ISO 27001:2013 and from there it worked to identify the people, processes, systems and data that were included in the scope of the ISMS.

The scope of the Information Security Management System (ISMS) of Cryptolab S.AS. was defined through a study of the situation and consulting with experts to determine and identify what information was to be protected.

At this point the definition of the scope had its importance and was fundamental because it took into account the responsibility for the protection of information regardless of where, how and who accesses it.

The definition of the scope is a requirement (of mandatory nature) described in clause 4.3 of ISO-27001:2013, so the characteristics of this requirement are intended to make clear