ISO/IEC 27001:2013 (also known as ISO 27001) is the international standard for information security. It sets out the specification for an Information Security Management System (ISMS) and has worldwide recognition. The standard’s best-practice approach helps organisations manage their information security by addressing people, processes, and technology.
Our CEO, managers and Information Security Officer began the journey to acquire ISO 27001 certification in May 2018.
During conversations with our customers, prospects and integration partners, the importance of ISO 27001 became apparent. We were doubly motivated, as the future-proofing of technology has always been at the forefront of our product development strategy. Having the ISO 27001 certification also offered a simpler route for ourselves and potential customers when it came to requests for proposals, as we were able to skip 180-200 information security questions, saving us and our potential customers time in the procurement process.
At MoveAssist we were eager to attain the credentials as quickly as possible. We began the process of gaining the accreditation in May 2018. We booked our Stage 1 assessment in November 2018, which was swiftly followed by the Stage 2 assessment in December 2018. We were delighted to formally receive our ISO 27001 certification on the 21st February 2019, after a total period of 10 months from start to finish.
ISO 27001 is relevant to any global mobility technology solution because such a solution inherently needs to capture employees’ personal information, such as salaries and passport details, along with much other personal information relating to employees and their families. To our clients, the certification provides demonstrable assurance regarding the security of information. To us, as a company, it assists with our future growth, ensuring we are always a few steps ahead and our solutions exceed market expectations.
There are many ISO standards. An example of other popular standards is:
By pursuing the certification, we learned a lot along the way. Most notably we were given the opportunity to properly reflect on our internal practices and processes. With this reflection and the ISO 27001 guidance we were able to learn how we could best improve our internal governance.
First of all, peace of mind, knowing that our processes and products are meeting the highest security standards. Undertaking this investment also shows that we are actively investing in our fantastic people, our products and our processes. To our customers, it provides a seal of approval by way of an independent expert assessment assuring that their data is adequately protected. When we first contemplated getting the certification, we could not have foreseen how lucky we were to have it completed well before the COVID-19 pandemic. Cyber-attacks have grown in intensity and strength over the course of the COVID-19 pandemic due to the steep increase in remote work practices. Remote working is covered within the ISO 27001 framework, so you can be confident the same strict security measures apply.
The biggest mountain we had to move to meet ISO standards was our tight timeframe which we had set ourselves 😉. We planned to be ready for audit within six months, which we proudly achieved!
Once certified you cannot sit back and relax. It’s about always being a step ahead. We continue to be audited annually by BSI (The British Standards Institute).