What is ISO27001 and why it matters
ISO27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). An ISMS is a framework of policies, procedures and controls that helps organisations protect their information assets from various threats and risks. Achieving ISO27001 certification demonstrates that an organisation has implemented best practices for information security and has undergone rigorous audits by an independent body. This gives customers confidence that their data is handled securely and responsibly by the organisation.
How we have evolved since 2022
We obtained our ISO27001 certification in 2022, after about an 18-month process of reviewing and improving our information security processes and controls. Since then, we have not rested on our laurels, but have continued to enhance our ISMS. Some of the steps we have taken include:
- Updating our risk assessment and treatment plan regularly to identify and address new and emerging threats and vulnerabilities
- Conducting internal and external audits to monitor and measure our progress and compliance
- Further enhancing our training and awareness programs to our staff to ensure they understand and follow our information security policies and procedures
- Implementing new technologies and tools to improve our information security capabilities and resilience
- Engaging with our customers and stakeholders to communicate our information security commitments and achievements
What this means to our customers
Our information security journey is not only about meeting a standard, but about delivering value and trust to our customers. By enhancing our information security, we can:
- Protect our customers’ data and privacy from unauthorised access, disclosure, modification, or loss
- Ensure the availability, reliability and integrity of our services and systems
- Reduce the likelihood and impact of information security incidents and breaches
- Comply with the relevant laws and regulations regarding information security and data protection
- Strengthen our reputation and credibility as a trusted and responsible partner
As we look ahead, we are excited to bring our Advantage Connect business unit on board with our information security journey (Our Connect business unit was “born” through the acquisition of NSPIRE in December 2022). The past 18-months have been focused on integrating our teams and we are now ready to complete the groundwork to ensure Advantage Connect meets the same high standards of information security as the rest of our organisation. We believe that this will enhance our customer experience and satisfaction, as well as our competitive edge in the market. We will share more details about our progress and achievements in the coming months.