Here at Staff Squared, we are have always taken data security extremely seriously. Our customers trust us with their information and in return, it is only right that we take all necessary precautions to ensure that their data is protected in every way possible. With this in mind, we are delighted to announce that as of Monday 14th September, we are ISO 27001:2013 certified.
What is ISO 27001?
ISO 27001 sets the framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures needed to protect organisations and includes all the risk controls necessary for robust IT security management.
The ISO 27001 certification ensures that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen and it allows companies to demonstrate compliance with internationally recognised standards of information security.
While ISO 27001 isn’t a legal requirement, businesses who frequently process and store data are advised to obtain the certification to protect against information security risks.
What are the Benefits of ISO 27001?
Having a valid ISO 27001:2013 certification provides many benefits to both the company and its customers.
Our ISO 27001:2013 certification benefits us by:
- Keeping confidential and sensitive information secure.
- Allowing for the secure exchange of information.
- Ensuring that we meet our legal obligations.
- Helping us to comply with other regulations.
- Managing and minimising our risk exposure.
- Building a culture of security.
- Protecting us, our shareholders and directors.
Our ISO 27001:2013 certification benefits you by:
- Providing confidence that the security of your sensitive data is maintained.
- Building trust between you and us.
- Reducing the risk of your personal information falling into unwanted hands.
How is it Implemented?
In order to obtain an ISO 27001:2013 certification, we had to prove implementation and compliance with the ISO 27001 standard. The principles of ISO 27001 are:
- Defining a security policy.
- Defining the scope of the ISMS.
- Conducting a risk assessment.
- Managing identified risks.
- Selecting control objectives and controls to implement.
- Preparing a statement of applicability.
Implementing ISO 27001:2013 involved 114 specific survey measures which are organised into the following sections:
- Information security policies.
- Organisation of information security.
- Human resources security.
- Asset management.
- Access control.
- Physical and environmental security.
- Operations security.
- Communications security.
- Systems acquisition, development and maintenance.
- Supplier relationships.
- Information security incident management.
- Information security aspects of business continuity management.
This is followed by an on-going 3-stage audit process:
- An informal review of our ISMS, which includes checking the existence and completeness of key documents such as our:
- Security policy
- Risk Treatment Plan (RTP)
- Statement of Applicability (SOA).
- Independent certification audits to check our ISMS meets the requirements specified in ISO 27001.
- Regular reviews and audits to confirm that our organisation continues to comply with the ISO 27001 standard and that our ISMS continues to operate as specified and intended.
We are very proud to be able to share the news of our recently obtained ISO 27001:2013 with you, and look forward to continue working with our customers to provide the best possible service with the knowledge that your information and data is as safe as it can be.