Why ISO 27001:2013 matters

As you read this, Quiss Technology will have completed the rigorous process that comes around every three years, to ensure we retain our ISO 27001:2013 certification, the internationally acclaimed standard for information security management accredited by UKAS.

And for those of our readers who are customers, this is really important. It demonstrates the importance everyone within our business places on the security of the information we handle for our clients and the quality of service we deliver.

Three years ago, almost to the week, many months of hard work and an intensive audit culminated in Quiss becoming the first IT services provider in the UK to achieve ISO 27001:2013 certification.

But the effort required in the intervening years has proved this is not a standard you achieve and then forget. It requires us to continually improve the information security management system we have developed, and it isn’t just about data security.

The standard looks at the business as a whole, considering our financial strength and any commercial risk to our clients, whilst ensuring everyone in our business understands their responsibility in protecting the data of our clients.

Given the growth of Cloud solutions and movement of large volumes of sensitive data over the Internet, it is imperative that clients can have complete confidence in the ability of service providers like Quiss to manage and store data securely – all of it, everywhere.

It’s important to note that every aspect of our business is covered by the certification, from the way we operate our stores to our data centre, helpdesk and sales operation; that sets us apart from many who hide behind the ISO 27001:2013 certification of a data centre.

Often businesses will display the ISO certification for the data centre they use, ignoring the fact that their own operations have not been exposed to the exacting scrutiny of the ISO auditors. And to be honest, achieving certification for a secure data centre is child’s play in comparison to achieving the required standard for your entire business.

No one is suggesting this is done to fool clients, but it does require prospective clients to investigate further and ascertain the extent to which the entire business has been assessed, and not just the data centre.

Next time I’ll go into a little more detail of what’s required, for those of you considering working towards achieving this important standard. There is little doubt it will become increasingly important in the years ahead, particularly if you want to work with government departments, public bodies and large commercial organisations.

Ian Harrison, Customer Services Director, Quiss Technology plc
