We are extremely pleased and excited to announce that we have recently become ISO 27001 certified!
This international standard is designed to assure organisations manage information security risks appropriately, ensuring that data is kept both protected and available. It does so by formally specifying a system of controls, known as the Information Security Management System (ISMS), that mandates precise requirements, which can then be audited by external independent bodies and certified compliant - or not as the case may be!
In particular, the standard requires the examination of an organization’s information security risks, in order to allow for the design and implementation of safeguards, both technical and management process related, to prevent such risks from occurring.
Achieving this certification demonstrates that information security is of the utmost importance to us, and we handle and protect sensitive data with great care and confidentiality, employing best practices to minimize such threats. It allows our clients to rest assured, right from the beginning of our partnership, that their security concerns are our security concerns.
What we’ve learned
Going through the certification process itself was of benefit to us in a number of ways. Through the process of more formally documenting our procedures, we’ve gained a higher awareness of our roles when it comes to data protection. We understand more deeply the responsibilities and expectations of all parties involved in this area, especially within the company, and we have a greater appreciation of our daily tasks as they relate to information security.
It has also made us more transparent, and since our employees must now sign documentation indicating that they understand these rules and procedures, we can guarantee that people are more aware of threats and of their individual responsibility for work activities.
We feel that becoming certified will help us to grow, and it’s given us a sense of accomplishment in being able to achieve another goal we set for ourselves. We view it as a recognition of the level of professionalism that we are constantly driven towards. By doing such things as risk assessments, monitoring, measuring, and internally auditing our system, taking any corrective actions that are needed, we ensure that managing information security risk is woven into the fabric of all of our business activities.