ISO 27001 is an international standard that provides the specification for an Information Security Management System (ISMS). If a company is ISO 27001 accredited, it means it has met the international best practice standard.
The process of becoming accredited allowed us to review, update and document our information security systems and practices to meet international best practices. This enables us to give all our partners and clients the confidence that their data is being handled securely.
A key part was to demonstrate that the entire organisation is aware of the importance of data security and understands the procedures that are in place across the business, and to demonstrate our commitment to ongoing improvement of information security.
We received ISO 27001 accreditation in May 2019.
In order to achieve ISO 27001 accreditation we assessed how we protect and manage all data. We identified that we should protect the 3 key aspects of the information we hold: Confidentiality, Integrity and Availability.
Confidentiality - the client needs to know why we are requesting the information, and that it won't be disclosed to the wrong people or processes.
Integrity - we ensure the data collected is complete and accurate and is then protected from corruption so that the whole file can be accessed.
Availability - our systems allow access to the information when an authorised user needs it.
It also means that you can be confident any data we hold on you or your customer is held securely and is processed following international standards.
Find out more information on the Approachable Certification.
For more information about the work we did for ISO 27001 accreditation, please contact Ryan Mustchin, Head of Compliance & Agency, on 01243 791039.