We’re delighted to have passed a recent external audit of our ISO 27001 certification, further evidence of our continued commitment to maintaining the highest standards of data governance. Having achieved our initial certification last year, we are constantly auditing ourselves internally, but this external review represented our first opportunity to demonstrate that the policies and processes we’ve put in place are working effectively.
For those who are unaware, ISO 27001 is the international standard for organisational security and data governance. This relates not only to how we manage the data within our own business, but that of our customers too, and requires us to follow a stringent set of policies and procedures that ensure all aspects of the data we interact with are managed appropriately, ensuring the security of business-critical information.
It’s easy to assume that the term ‘data governance’ is referring only to electronic data, but an equally important aspect of the ISO 27001 standard is the protection of physical data. This includes everything from paper records such as quotes and invoices to physical media such as CDs and USB drives. The standard requires us to evidence the full journey of this physical data, including how it is stored, transferred to a digital state, and disposed of, even down to the effectiveness of how paper is shredded.
There is also a consideration for how we manage the data within any customer machines being held on-site, whether they’re undergoing maintenance, repairs, or any other technical work, as well as the physical barriers implemented on site such as CCTV and door locks to prevent any sensitive data, physical or digital, being removed from the building and potentially falling into the wrong hands.
We are proud to say that Highlander received no reports of non-conformance during our audit, thanks to our strict adherence to the staff policies and physical barriers we’ve implemented that ensure all data is protected to the highest possible standard. This includes staff initiatives focused around how to appropriately manage and dispose of physical paper records and legacy hardware, as well as ongoing internal training that emphasises the importance of protecting electronic data, most notably from the threat of potential malware attacks via email.
We believe that protecting all aspects of the data we encounter every day is of the upmost importance, which is why we take great pride in the continuation of our ISO 27001 certification. What’s more, we treat all data, both physical and digital, exactly the same. So, no matter whether it’s our own, our customers’ or even our customers’ customers’, so you can rest assured that all your data is in safe hands.
ISO 27001 is just one of the many independent standards we maintain, including ISO 9001 for Quality Assurance, and ISO 14001 for Environmental Management. Learn more about the standards we have achieved.