This ISO 27001 International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the NXP organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the NXP organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The purpose of this certification for NXP is to:
Information is an asset that, like other important business assets, is essential to the business of NXP and consequently needs to be suitably protected.
This is especially important in the increasingly interconnected business environment and in the highly competitive industry in which NXP operates and where the loss or unauthorized disclosure or change of “sensitive” business information, either owned by NXP or disclosed to NXP by its business partners, could be extremely detrimental or in violation with regulatory compliance.
The objective of information security is the protection of information from a wide range of threats to ensure legal compliance with SOx and privacy laws, business resilience, minimize business risk and maximize return on investments and business opportunities.
The Information Security Controls document describes the controls that are applicable for all information systems and processes within the NXP organizations and, in case of outsourcing, for Third Parties. The Information Security Controls, as well as the Information Security Policy, are based on the international standard ISO/IEC 27002.