Friday, October 9, 2020

What is ISO 27001?

Our certification under ISO 27001 provides proof of our ability to keep our customers’ data safe from disasters, disclosure and cyber-crime.

What is ISO?

ISO certifications are awards given to organisations that meet international standards of best practice. They cover key areas such as quality management, information security, the environment and health and safety, and many more besides.

ISO standards are all about doing things the right way, every time. They ensure consistency and set minimum requirements in a range of areas across a business’s processes. That makes the business more efficient and improves the quality of its services and products, and gives its clients the reassurance of a robust third-party certification.

Businesses attain ISO certifications by developing their own policies and procedures in a particular area. Then, an external auditor visits to inspect their work and confirm that they meet the requirements of a standard, and they are awarded their certification. After that, the firm must undergo a triennial re-certification audit to confirm that they’re still compliant, during which they must show that they’re making continuous improvements.

What is ISO 27001?

ISO 27001 provides a blueprint for an Information Security Management System (ISMS). It’s all about ensuring that information is stored and handled in a way that guards against the theft, disclosure, unauthorised access or loss of data. Data loss can be due to anything from a technical fault with infrastructure right through to a major disaster.

An ISMS is made up of the policies and procedures, comprising legal, physical and technical controls, through which an organisation identifies and manages its information risks. It also covers management responsibilities, internal audits, continuous improvement and corrective and preventive actions. Like all ISO standards, 27001 commits the holder to continuous improvement – an essential in information security, where new threats are constantly emerging.

For a firm’s clients, ISO 27001 provides confirmation that the organisation is committed to safeguarding its own data, and the data of its customers.

The benefits of ISO 27001

Data has become the most valuable asset for many businesses. Everything from day-to-day operations and customer services through to management reporting and planning depends on it. Imagine you lost all of your data at a stroke, right now. How would you go about your business tomorrow morning?

What’s valuable to you is also valuable to hackers, or even your competitors. In 2017, the Institute for Criminal Justice Studies found that as many as 68% of large UK firms have suffered a cyber-security breach. The cost to each firm was £19,600, on average. However, that doesn’t even cover the knock-on effects in terms of lost goodwill and brand reputation – which cannot be replaced at any price.

So it’s no wonder information security is usually one of the first areas clients ask about when we engage with them. As holders of ISO 27001, it’s easy for us to provide them with the reassurance they’re looking for – we just describe, or simply show them, our ISMS.

ISO 27001 demonstrates that our clients’ data – including confidential customer data – will be in safe hands. They know that we have robust, carefully considered plans and processes in place for all possible scenarios. And if disaster should strike, they know that we have the capability to recover quickly, so their own operations hardly miss a beat.

How ISO 27001 is helping right now

The coronavirus crisis has put the spotlight on the need for business continuity plans. ISO 27001 has played a pivotal role in helping us move most of our operations out of our premises and into the homes of our valued employees as quickly as possible.

Our ISO 27001 framework includes our own Business Continuity and Disaster Recovery Plan, which ensures we can easily react to situations including ‘Loss of Directors’, ‘Loss of Telephony Systems’, ‘Loss of Data Storage Systems’, ‘Loss of Power’ and ‘Loss of Access to Premises’. We already had plans for a scenario where our buildings were inaccessible, unusable or even completely destroyed – so in a sense, we’ve been ready for this situation for quite some time.

Actually, this isn’t the first time our ISO 27001 plans have been put into practice. Remember ‘The Beast from the East’ – the awful cold snap in 2018? Our staff couldn’t make it into work – but we had it covered! We simply invoked our ‘Loss of Access to the Premises’ plan and the way forward was clear.

Looking for real reassurance?

If you’d like the peace of mind that comes from working with an ISO 27001 certified IT provider, get in touch. We’ll be happy to explain how our commitment to information security can benefit you. Contact us on 01603 431200.
