ISO 27001 Certificate

Carden IT Services Is Now ISO 27001 Compliant

At Carden IT Services, we have recently added to our ever-growing collection of accreditations by becoming ISO 27001 compliant.

Unlike our previously gained ISO 9001 accreditation, which focused primarily on quality and consistency of service, ISO 27001 focuses on information security.

We have always had a security-first approach to IT, for both our own networks and our customers. Through a combination of ransomware protection, multi-factor authentication, network antivirus, and other professional cyber-defence measures, Carden IT Services keeps your data safe.

What Is ISO 27001?

For those unaware, ISO 27001 is one of the ISO Quality Management Systems. A quality management system is a set of procedures and guidelines on how to deliver services and maintain consistency across an organisation as well as between different organisations. 

ISO 27001 sets out a standard for Information Security Management Systems. In layman’s terms, this means having a defined policy for how we store, protect, and access sensitive data within our organisation. 

What Is Covered by ISO 27001?

There are over 100 different stipulations to ISO 27001, covering information security practices from the individual user all the way to the network level, but they can be grouped into several general areas. 

  • Information security policies
    Clearly written and communicated information security policies. 
  • Organisation of information security
    Assigns responsibilities for specific tasks. Also addresses staff working from home and how to maintain security when accessing our network from different devices or locations. 
  • Human resource security
    Ensures that employees and contractors understand their responsibilities. 
  • Asset management
    Concerns the way in which data is classified and assigned appropriate protection measures. 
  • Access control
    Ensures that members of staff can only view information that is relevant to their role. 
  • Cryptography
    Best practices for the use of encryption to ensure the confidentiality, integrity, and availability of the data concerned. 
  • Physical and environmental security
    Preventing unauthorised physical access, damage, or interference to our organisation’s premises, hardware, or the sensitive data held therein. 
  • Operations security
    Addresses network security, backups, malware, and data loss prevention measures.  
  • Communications security
    Concerns the security of information in transit, both within the organisation and between organisations.
  • System acquisition, development, and maintenance
    Sets out security requirements for internal systems which are uniform and can be applied to new systems as the organisation scales or changes. 
  • Supplier relationships
    Deals with the protection of assets which may be accessible by third parties such as our contractors or suppliers. 
  • Information security incident management
    A step-by-step process detailing the response to a data breach, going above and beyond what is legally required by the GDPR.
  • Information security aspects of business continuity management
    Practices for providing a continuity of information security during a business interruption.
  • Compliance
    This ensures that we identify relevant laws and regulations for our sector. 

Why We Have Chosen to Gain ISO 27001 Certification

Cybersecurity is the number one concern among our customers. While we are confident that we have, and have always had, a diligent and highly effective approach to the protection of our customers’ data, we wanted to make our commitment to this official and demonstrate to our new and existing partners that we are committed to information security.

Carden IT Services is now ISO 27001 compliant in addition to our existing ISO 9001 compliance (read more about the requirements here), but we’re not done yet! We will continue to demonstrate our high standards to our customers, our suppliers, and ourselves. Watch this space to learn more as we gain further accreditations, certifications and awards.

Author: Dave King

Dave King is the Co-Founder and Director of Carden IT Services and the wider Carden IT Group. Dave has over 18 years’ experience in business IT networks with a focus on IT consultation and disaster recovery planning/testing.