Our previous article on Cyber Essentials highlighted the UK's attempt to tighten cyber security, and, as previously mentioned, the Cyber Essentials scheme was just the beginning.
ISO 27001:2013 is a progression from this; it is the international standard that describes best practice for an information security management system (ISMS). Accredited certification to ISO 27001 demonstrates that an organisation is following international information security best practice.
What this means for us is that since September 2016 we have been working with QMS to create our own information security management system: a framework of policies and procedures covering all of the legal, physical and technical controls involved in our information risk management process. Unlike the Cyber Essentials scheme, which requires an organisation to implement all of its guidelines, ISO 27001:2013 is tailored to the organisation. To be certified, and to maintain that certification, you must adhere to your own ISMS, created by you, and it is this system against which you are audited.
We found that creating the ISMS made us examine our internal processes. We now have an audit trail of every procedure that we carry out in the office on a day-to-day basis. Drafting policies across an array of areas helped us identify gaps in our management process. The greatest benefit of drafting the ISMS, however, was that it set out what we expect of our staff, so they now know exactly what is required of them to ensure we deliver the most consistent and transparent service to our clients whilst keeping their data safe and secure.
We also implemented our quality management system late last year and feel that ISO 9001 and ISO 27001 go hand in hand. In simple terms, ISO 9001 certification means we can demonstrate to our customers that the systems we have in place meet the high standards set by the International Organization for Standardization (ISO).
We must continuously show our commitment to meeting our customers’ needs by operating efficient management processes and delivering quality products and services to our clients.
We are audited annually by a third party to ensure our systems are maintained and that any non-conformances are noted for correction, which in turn ensures that we are always evolving, growing and developing as a company.
Gaining ISO 9001 certification puts the focus on the client and ensures that we provide good customer service, whilst helping us to improve customer satisfaction.
Achieving both ISO 27001:2013 and ISO 9001 certification reaffirms that we provide our customers with a secure environment for their data, whilst providing them with quality care and support.