The internationally recognised ISO 27000 family of standards provides organisations with extensive guidance on how to manage data assets securely and ISO 27001 provides a rigorous set of requirements for ISMS. By adhering to these requirements, organisations are able to establish highly organised, risk-based methods of managing personnel, IT systems and processes in a way that ensures sensitive data is protected.
Speaking on the reasons behind gaining certification for ISO 27001 Managing Director, Tony Cook, comments, “Over the past few years there have been a number of high profile data breaches all over the world. These led us to completely re-evaluate our approach to data security. Protecting our partners’ data is of critical importance to us and we have an absolute desire to adopt best practice in this area.”
As part of the certification process, Union Street permitted BSI to conduct a thorough audit of its ISMS to demonstrate their effectiveness and compliance with the ISO 27001 standard. This included evaluation of penetration tests, continual vulnerability scans and unauthorised access liability.
According to Cook, complying with the standards set out by ISO 27001 required significant investment. He explains, “Qualifying for ISO has required us to make some big investments into our security and hardware infrastructure. This has included the deployment of new firewalls, multi factor authentication and building a completely new cloud environment to host our solutions. We have also appointed a dedicated Standards and Security Officer to continually assess our security processes, to ensure they are followed correctly and to make certain that our organisation operates to the highest standards for data security.
“Perhaps the biggest investment of all was in training our 90 staff on our ISMS processes. Getting all staff involved and training them effectively is absolutely the key to success in this area. It won’t matter how robust your security processes are if your team are not adhering to them properly.”
Summing up, Cook states, “Gaining BSI certification for ISO 27001 confirms that Union Street has successfully implemented an end-to-end security framework that enterprise grade partners can rely on to protect their data. It clearly demonstrates our commitment to safeguarding partners’ data and they can have absolute confidence, particularly when using our cloud solutions, that their data is in safe hands.”
Toni Allen, UK Head of Client Propositions, BSI comments: “In today’s digital world, organisations must be able to prove that they are safeguarding sensitive information in order to gain the trust of customers. By gaining certification to ISO 27001, Union Street has shown its commitment to securing its valuable information assets and has demonstrated that it is doing its upmost to ensure information is well managed.”