ISO 27001 is the international standard that certifies an organisation as following information security best practices. Here at Gecko we deal with data. Lots of data. Our clients send us their customer data day in, day out, and it’s imperative that they are comfortable that their information is safe. Our ISO 27001 accreditation is our commitment to this, and it is something we take very seriously.
What does it mean?
The ISO 27001 standard requires an organisation to implement an Information Security Management System (ISMS), so this was our first step in the process. We formalised our existing policies, processes and procedures. We then improved and added to them by identifying relevant legislation and incorporating its requirements into our working procedures to create our ISMS.
Part of this process was to ensure that our trading partners also discharge their responsibilities of securing any information that we entrust to them. This system underpins our trading relationships with all outside organisations.
New staff attend an ISO induction and refresher courses are run annually for the entire team (and following any changes within the business), so everyone knows and understands their security responsibilities.
We were certified to ISO 27001:2005 in Sept 2011 by BM Trada, an external UKAS (United Kingdom Accreditation Service) accredited certification body and have maintained the standards set at every audit since. We’re planning to upgrade our certification to ISO 27001:2013 in July 2015.
Through a programme of internal and external audit, independent review and management review, we continually improve and refine our ISMS. Our ISMS and its ISO certification formally demonstrate that we will secure all data (including our own sensitive information) entrusted to us by other companies.
So there you have it: ISO 27001 is all about giving our clients the confidence they need in the facilities and systems we use to process their data.