Last week we went through our ISO re-certification audit, and we’re extremely pleased to say we passed with flying colours! But what is ISO 27001, why do we have it, and how does it help our business?
ISO 27001 is a specification for Information Security Management Systems (ISMS). It emphasises the importance of risk management and the ability to deal with any information security-related problems. On top of that, it gives our clients the confidence that their information is safe in our organisation's hands. The ISMS is a structure of policies that assure all legal, physical and technical processes involved with an organisation's information are compliant.
What are the benefits of obtaining ISO 27001 certification?
With the strict certification process, we now have refreshed knowledge and understanding of how we can protect our private information. This includes assessing the risks so we’re able to mitigate the damage if the information is somehow stolen. To help with this, it also ensures data can only be modified by authorised users. Obtaining our ISO 27001 shows clients we've been individually assessed not only to an industry standard but to an international standard. On top of protecting and managing your confidential data consistently, being certified can also help us avoid financial penalties and losses that result from data breaches. According to Infosecurity Magazine, the average cost of a data breach in the UK in 2018 was £2.7m, or £58 per record. ISO 27001 helps organisations manage the protection and anonymity of private information assets, better preparing you for cyber attacks.
How did we obtain our ISO 27001 Certification?
We've had our certification for many years now; however, there's a yearly re-audit we have to prepare for. There are things we do beforehand to prepare ourselves for what’s to come. Important things to do include conducting a risk assessment that is regularly updated and keeps on top of any new kit we may have. This can be carried out by noting assets, which can be anything from your staff, equipment and building right the way through to your suppliers and clients. Sadly, it's not that easy! There are many more documents that are regularly updated, such as approved suppliers lists, audit schemes, meetings and reviews.
We’ve found a great resource for checking all the boxes on the official itgovernance website. It shows a rough step-by-step guide on how to work towards getting yourself certified. Take a look!