What does ISO 27001 mean for us and our clients?

Written by Craig Bowers

What is the ISO 27001?

The ISO 27001 is an accreditation awarded by the International Organization for Standardization (ISO) which contains a set of high-level standards for handling information securely. This set of standards helps organisations keep their information assets secure.

The cornerstone of the ISO 27001 is the assessment and management of risk. To achieve this certification, a company must design and implement an Information Security Management System (ISMS) containing safeguards to ensure the confidentiality, integrity and availability of every solution they deliver. The ISO 27001 provides requirements for the ISMS, outlines a set of best practices, and details the security controls to manage information risks.

The ISMS doesn’t only address how technology handles information, but also how people and processes within a business can handle information securely. Three key aspects of information handling are crucial to complying with ISO 27001:

  • Confidentiality – Information is only disclosed to authorised parties and only when appropriate

  • Integrity – Information stored and used is accurate

  • Availability – Information is available and accessible when it is needed to help deliver services

This certification proves that we know how to protect the valuable information we use to deliver strategic results for our clients. This means our clients (current and future) can have confidence in our processes and data management, freeing up more time to focus on driving ROI.

What does this mean for our clients?

This certification proves that we know how to protect the valuable information we use to deliver strategic results for our clients. This means our clients (current and future) can have confidence in our processes and data management, freeing up more time to focus on driving ROI.

When our clients don’t have to worry about how we manage data and confidential information, they can focus on how we can drive their bottom line. Everybody wins.

Why did we pursue the certification?

Trust is important to us, and we’re committed to protecting our clients’ data. We believe having the highest standards of information security for ourselves and our clients sets us apart from the competition. That’s why it was important for us to become ISO 27001 certified, not just ISO 27001 compliant.

The ISO 27001 certification provides a framework and checklist of controls that allow us to maintain a comprehensive and continually improving model for information security management. Auditing our processes every six months helps us to stay on top of our information security.

How did we achieve it?

Will, our Operations Director, and Tom, our Technical/Digital Director, spearheaded the campaign to receive this accreditation by conducting a thorough internal audit of our processes. This audit focused on how we handle, process, and secure valuable information to ensure we protect our clients and ourselves. An independent certification body then completed an audit and awarded us the certification.

This audit demonstrated that our ISMS meets the requirements of the ISO 27001 international standard.

Our ISMS includes several controls:

  • Legal controls such as non-disclosure agreements

  • Organisational controls such as our Access Control Policy

  • Physical controls such as alarm systems

  • Technical controls such as antivirus software

  • Human Resource controls such as thorough training

To achieve the certification, we became much more process driven and solutions focused. We have used this to great effect in our project management, development and strategic workflows. Now it’s enabling us to deliver consistent, reliable and meaningful results for our clients.

How will we ensure we keep meeting the standard?

We will be completing full audits every six months to ensure we keep meeting the high standards the ISO 27001 accreditation requires. These periodic audits mean we can be simultaneously maintaining and improving our ISMS.

Get in touch

We want to generate revenue for you. Reach out today and let’s get the ball rolling.