At Highlander, we value the importance of your data and are very serious about security. That’s why when the opportunity presented itself for us to become ISO 27001 Information Security Management System (ISMS) certified, we jumped at it. At its core, ISO 27001 is the international standard for organisational security. The framework assists organisations in managing and protecting data in order to keep everything as safe and secure as possible at all times. We strongly believe it is the minimum standard that all IT service providers should be meeting.
Due to the existing security processes we had in place, and the investment of our people’s time and resources into achieving the certification, we were able to become ISO 27001 certified in only 8 months. The average time to achieve the standard is usually a minimum of 12 months, so we feel our swift progress is indicative not only of the headway we’d already made pre-ISO, but also of our dedication and proactivity throughout the certification process.
To meet the standard, we have worked hard as a team to create and define new policies that ensure that all of our operational procedures are ISO 27001 compliant, including policies for the management of our customer data and the deployment of any new technologies to further secure and assist our own organisational data. In addition to this, we set up an internal Security Working Group (SWG) of 8 team members who write these policies and are responsible for deploying the standard across our business and into our processes. Every single one of our employees also needed to go through rigorous security training and pass Disclosure and Barring Service (DBS) checks.
Of course, our achievement of ISO 27001 doesn’t just have an impact on our business – it also affects our customers’ businesses. The certification means that you get peace of mind in knowing that not only is our internal data managed to an ISO 27001 standard, but yours is too. We share all of the benefits we’re seeing from these sophisticated, more regulated data security procedures with you, and offer as much advice as we can to ensure that your business follows the same best practices in keeping your data secure.
We see ourselves as your “security police”, and conduct monthly meetings to review all internal and customer security incidents before putting any necessary remediation plans in place. Anything we do, we do with you and your data in mind. By audit logging the work we do for you on a regular basis, we’re able to track exactly who did what and when via unique logins issued to all of our engineers, so if there are ever any queries or discrepancies, we can immediately identify who was involved and how the job was carried out. There is also something to be said for the part ISO 27001 plays in GDPR compliance: fundamentally, we help you to get your business’s data straight and secure and keep it that way.
ISO 27001 has made an overwhelming difference to our internal operations. By tightening our physical security, we’re able to minimise any risk, such as the potential for data leakage, and are seeing huge advantages in the simplest of ways – even from people just signing into the building properly!
We’re already starting to work towards a new ISO security standard, ISO 27552, following our achievement of 27001. While this isn’t yet an auditable standard, it will become an enhancement to the ISO 27001 certification that is more keenly focused on privacy management and GDPR compliance.
ISO 27001 is the latest addition to our growing list of independent standards, including Quality Assurance standard ISO 9001 and Environmental Management standard ISO 14001. Learn more about the standards we have achieved.