We’re thrilled to announce that we achieved ISO 27001:2013 Certification; the industry-standard specification for information security management.

The certification applies to our entire suite of salary sacrifice services; Cyclescheme and Techscheme.

So, what is ISO 27001:2013? The ISO 27001:2013 family of standards helps organisations keep ‘information assets’ safe and secure. The certification demonstrates that we have put in place a systematic approach to processing, managing, and protecting the sensitive information you and your employees share with us. Below is a short and informative video about the standard.  

Our offices were audited by the British Standards Institute (BSI) over a two-day period in November 2016. In his summary of findings, the Chief Auditor issued a rare commendation for the thorough and effective internal training programme undertaken by our Group Information Security Team, ensuring information security considerations are embedded in our processes and behaviors.

Jeremy Persad, our legal & compliance ‘champion’ who managed the ISO 27001:2013 project locally said “This certification is tangible proof of the regard each and every team member has for the security and value of the data we hold. We all recognise that Personal Data, in particular, is precious and, hence, is consistently handled with care, consideration, and respect.

It also materially demonstrates that the requirements and ‘best practice’ aspects of data protection law are firmly embedded in our processes and thinking in a time where the data security landscape is constantly evolving and subject to growing scrutiny, with ever-increasing responsibilities for Data Processors and Controllers alike”.

On that note, the ISO 27001:2013 project has been the perfect preparation for our 2017 focus on the General Data Protection Regulations (GDPR) requirements that come into force in May 2018. Work is well underway to ensure our systems, processes, and our people are ready for this key legislative update.

The achievement of ISO 27001:2013 Certification also complements our existing 9001:2015 Certification, the equivalent specification for quality management.