ISO 27001 Information Security
The biggest challenge with addressing any problem is knowing where to start.
Let’s solve this, by introducing ISO 27001 Information Security. This standard offers a systematic means of ensuring that your business is well protected from the most likely threats.
Digital technology has brought many benefits to companies in every industrial sector. It has enhanced productivity, process management and efficiency. In addition, SMEs have found a means to compete with large, established, corporations in a global market and business marketing has been completely transformed.
The benefits of embracing technological advances are expansive, yet there is a flip side. The digital world is fallible. With the promise of financial or political gain, there are individuals and groups who are willing to corrupt the technology, steal information and hold businesses to ransom. High profile cases hit the headlines, but in truth thousands of companies experience cyber breaches every day.
The only way to optimise on the benefits whilst minimising the risks is to put robust controls in place. It doesn’t matter if you are a sole trader, a charity, a leading retailer or a multi-national, if your business relies on digital technology, you need to protect it.
ISO 27001 will help any company to identify security risks and put in place controls to manage those risks.
Below are examples of three organisations who have gained ISO 27001 certification, with details of the difference it has made.
The Channel Tunnel and Crossrail are just two of the projects delivered by British engineering and construction group Costain. When it comes to transport, water and waste infrastructure, they are the specialist in the field.
With prior experience of auditing, implementing and achieving ISO quality standards, Costain viewed ISO 27001 as the next logical step. For one thing, achieving this globally recognised standard was becoming increasingly essential for winning new business and establishing beneficial partnerships for new ventures.
In addition to supporting the future development of the business, they now have systems in place to ensure that commercially sensitive data is better protected. The company reported a 72% reduction in the number of security incidents since implementation in 2010. With the disruption to business minimised, efficiencies and cost savings have been increased.
Costain identified that the engagement of every member of staff was vital. An understanding of the importance of data protection and commitment to new processes was essential for successful implementation.
With a full shopping cart, the online customer proceeds to a payment gateway, where they are asked to input their credit card details. WorldPay is one of those trusted brands that have gained consumer confidence. People are willing to complete the transaction because of this confidence.
WorldPay has gained a positive reputation by accepting a wide range of payment types and establishing a broad geographical reach that can be used by international retailers and customers. Most importantly, it has earned trust by investing in systems that offer no compromise in reliability and security. This includes the implementation of measures that resulted in ISO 27001 certification.
WorldPay processes an average of 31 million mobile, online and in-store transactions per day. The cost of a data security breach to their business (and their customers’ businesses) would be astronomical. They view ISO 27001 as the most effective structure to support their information resilience strategy.
3. Legal Ombudsman
Set up to resolve complaints against lawyers, the Legal Ombudsman deals with around 8,500 cases per year. In every case, protecting the client’s privacy, along with confidential records associated with the dispute, is a priority. ISO 27001 Information Security offered an opportunity to enhance awareness of the risks throughout the organisation.
The organisation saw ISO 27001 certification as a globally recognised means of demonstrating their due diligence and compliance with handling sensitive information.
Since being awarded ISO 27001 certification, the organisation cited a number of benefits, including:
- Improved brand reputation
- Greater client confidence
- Heightened self-awareness among all employees when it comes to data handling
The Legal Ombudsman reported that the support of a specialist ISO consultant was a fundamental asset, especially when carrying out the detailed risk assessment.