We’re thrilled to announce that we achieved ISO 27001 Certification; the industry standard specification for information security management.
So, what is ISO 27001? The ISO 27000 family of standards helps organisations keep ‘information assets’ safe and secure. The certification demonstrates that we have put in place a systematic approach to processing, managing, and protecting the sensitive information you and your employees share with us. Below is a short and informative video about the standard.
Our offices were audited by the British Standards Institute (BSI) over a two-day period in November 2016. In his summary of findings, the Chief Auditor issued a rare commendation for the thorough and effective internal training programme undertaken by our Group Information Security Team, ensuring information security considerations are embedded in our processes and behaviors.
Jeremy Persad, our legal & compliance ‘champion’ who managed the ISO 27001 project locally said “This certification is tangible proof of the regard each and every team member has for the security and value of the data we hold. We all recognise that Personal Data in particular is precious and, hence, is consistently handled with care, consideration, and respect.
It also materially demonstrates that the requirements and ‘best practice’ aspects of data protection law are firmly embedded in our processes and thinking in a time where the data security landscape is constantly evolving and subject to growing scrutiny, with ever increasing responsibilities for Data Processors and Controllers alike”.
On that note, the ISO 27001 project has been the perfect preparation for our 2017 focus on the General Data Protection Regulations (GDPR) requirements that come into force in May 2018. Work is well under way to ensure our systems, processes, and our people are ready for this key legislative update.
The achievement of ISO 27001 Certification also compliments our existing ISO 9001 Certification, the equivalent specification for quality management.