What is ISO?
ISO is an abbreviation for the International Organization for Standardization.
ISO is an independent, non-governmental, international organisation with a membership of 164 national standards bodies who specialise in bringing together industry experts to develop specifications for products, services and systems to ensure quality, safety and efficiency.
What is ISO 27001:2013?
The 27001:2013 standard is specifically designed for establishing, implementing and maintaining an Information Security Management System (ISMS). It outlines guidance and best practice on how to implement a systematic approach to managing sensitive information.
The ISMS is a framework of policies and procedures that organisations develop in order to keep all of their, and their customers’ information assets secure. If an organisation obtains this standard then customers are assured that they have a robust framework in place.
Organisations that meet the requirements may be certified by an accredited certification body following successful completion of an audit, which measures them against a maximum of 35 security categories.
Why is it important to us?
Information Security is vital in the work that we do for our customers. It is imperative that our customers are assured that we are processing and storing their information assets in a secure manner.
By implementing the ISMS, we provide guidance to all of our staff on how to conduct their daily duties whilst maintaining information security for our customers. We are also demonstrating that we have identified risks, assessed implications and put in place mitigations.
By having this system in place, we have benefitted from increased reliability and improved customer confidence.
What is involved in the accreditation?
The certification is valid for three years. In that time, we are required to conduct annual, third-party internal audits and annual, third-party external audits by accredited certification bodies.
The audits require us to provide evidence that we are adhering to all of the policies and procedures that make up the ISMS. During the audits, we are measured against the full 35 security categories and we have over 180 controls in place.
Our last audits were conducted in early 2019, where we were reissued with the certification for an additional 3 years. We passed these audits with no minor or major non-conformities, providing assurance to our customers that our focus on keeping their information assets secure is as high as it has ever been.
In addition to the audits, we conduct quarterly reviews on any changes made to these controls and risk assess any impacts before the control is ratified.
If you would like any further information on our security practices or compliance in general, please use this link and complete the form. Our staff would be happy to answer any questions that you may have.