Breaking news at Cloud Business HQ. We’re delighted to announce that we’ve secured ISO 27001 certification after many months of hard work by the team. Regular readers of our blog will know that we take information security very seriously, and we regularly feature information security issues here. ISO 27001 is another step in demonstrating this and ensuring best practice.
What is ISO 27001?
This is an internationally recognised best practice standard for information security, and is highly relevant for organisations like us working in the IT sector, where the protection of information is critical.
It’s also highly appropriate for organisations that manage high volumes of data and information on behalf of clients, such as in datacentres, making it even more relevant to Managed Service Providers like ourselves.
The main objective of the ISO 27001 standard is to establish and maintain an effective Information Security Management System (ISMS), using a continual improvement approach. The standard requires that we systematically examine any risks to the organisation’s information security and put in place comprehensive policies to manage those risks over which we have control.
ISO 27001 is a proactive approach to managing risk and securing data and information, planning ahead and pre-empting threats rather than reacting to threats when they happen.
In demonstrating that we comply with this standard, Cloud Business has designed and implemented a set of controls and measures to manage any threats to data and information assets, as well as refining existing systems to comply with standards. Going forward we will maintain and continually improve these as new threats emerge and new solutions and systems are developed.
The benefits to our clients are:
- ISO 27001 increases the security of their confidential information,
- It gives clients and stakeholders confidence that we are managing risk,
- It improves the secure exchange of information internally and externally,
- It helps our clients comply with regulations impacting on their business,
- It improves the consistency of the delivery of our service to our clients,
- It manages and minimises risk exposure for clients and ourselves,
- It builds a culture of security within Cloud Business that will also be communicated to our clients through our day-to-day contact with them.
What happens next?
Having achieved ISO 27001 we now have to maintain it and part of this is the continual improvement element. This means we will be regularly reviewing our information security management system and updating our controls and measures as appropriate. We will also undergo regular surveillance audits by the Certification Body, as well as a full audit every 3 years.
While our ISO 27001 certification will benefit your business if you work with us, you may also be interested in achieving this certification yourselves. We have helped other organisations, such as Experian Data Quality, achieve ISO 27001. You can read a case study on this ISO 27001 project here.