At Carden IT Services, we have recently added to our ever-growing collection of accreditations by becoming ISO 27001 compliant.
Unlike our previously gained ISO 9001 accreditation which focused primarily on quality and consistency of service, ISO 27001 focuses on information security.
We have always had a security-first approach to IT, for both our own networks and our customers’. Through a combination of ransomware protection, multi-factor authentication, network antivirus, and other professional cyber-defence measures, Carden IT Services keeps your data safe.
For those unaware, ISO 27001 is not a quality management standard like ISO 9001. It is the international standard for Information Security Management Systems (ISMS), published jointly by ISO and IEC as ISO/IEC 27001. A management system is a set of documented policies, procedures, and controls for delivering a service consistently across an organisation, with a cycle of review and improvement built in.
An ISMS applies that idea to information security. In layman’s terms, this means having a defined, risk-based policy for how we store, protect, and access sensitive data within our organisation, and being able to show an external auditor that we follow it.
What Is Actually Covered by ISO 27001?
Annex A of ISO 27001 lists well over 100 controls (114 in the 2013 edition), covering information security practices from the individual user all the way to the network level. They are grouped into 14 control domains:
Information security policies
Clearly written and communicated information security policies.
Organisation of information security
Assigns responsibilities for specific security tasks. Also covers mobile devices and teleworking: how staff working from home maintain security when accessing our network from different devices or locations.
Human resource security
Ensures that employees and contractors understand their security responsibilities before, during, and after employment.
Asset management
Concerns the way in which information assets are inventoried, classified, and assigned appropriate protection measures.
Access control
Ensures that members of staff can only view information that is relevant to their role, following the principle of least privilege.
Cryptography
Best practices for the use of encryption and key management to protect the confidentiality, authenticity, and integrity of the data concerned.
Physical and environmental security
Preventing unauthorised physical access, damage, or interference to our organisation’s premises, hardware, or the sensitive data held therein.
Operations security
Addresses the secure running of systems: change management, backups, malware protection, logging and monitoring, and data loss prevention measures.
Communications security
Concerns network security and the protection of information in transit, both within the organisation and between organisations.
System acquisition, development, and maintenance
Sets out security requirements that are built into systems from the start, applied consistently, and carried over to new systems as the organisation scales or changes.
Supplier relationships
Deals with the protection of assets which may be accessible to third parties such as our contractors or suppliers, including the security requirements written into their agreements.
Information security incident management
A step-by-step process for reporting, assessing, and responding to security incidents, including data breaches, and for learning from them afterwards. This goes beyond what is legally required by the GDPR.
Information security aspects of business continuity management
Practices for maintaining information security during a business interruption and for keeping critical systems available.
Compliance
Ensures that we identify, and comply with, the laws, regulations, and contractual obligations relevant to our sector.
Why We Have Chosen to Gain ISO 27001 Certification
Cybersecurity is the number one concern among our customers. While we are confident that we have, and have always had, a diligent and highly effective approach to the protection of our customers’ data, we wanted to make that commitment official and demonstrate to our new and existing partners that we are committed to information security.
Carden IT Services is now ISO 27001 compliant in addition to our existing ISO 9001 compliance (read more about the requirements here), but we’re not done yet! We will continue to demonstrate our high standards to our customers, our suppliers, and ourselves. Watch this space to learn more as we gain further accreditations, certifications, and awards.