ISO 27001 recertification

DCSL Software are pleased to report that we have been recertified as an ISO 27001 compliant organisation, following an audit by the British Assessment Bureau.

Being an ISO 27001 certified organisation is very important to us, as it helps demonstrate to our customers and partners that we are a business they can trust to keep their information secure.

What is ISO 27001?

ISO 27001 is a globally recognised information security standard published by the International Organization for Standardization (ISO). It is intended to bring information security under management control in a structured and effective manner: an organisation that follows its requirements implements what ISO 27001 calls an information security management system (ISMS). Organisations that meet the requirements may be certified by an accredited certification body after successfully completing an audit.

Why is ISO 27001 important?

Most organisations will have some information security controls in place. Many may exist by default (e.g. most modern operating systems come with a firewall) or may have been implemented in response to a specific issue. However, without a formal management system these controls can end up disorganised or only partially implemented.

Having an ISO 27001 certified ISMS ensures that information security controls are applied in a uniform and consistent manner, with any exemptions or deviations clearly tracked, all of which is tested by regular audits. This gives organisations a better view of the risks they are facing, allowing them to safeguard their information more quickly and more effectively.

That said, it is not appropriate for all businesses, particularly those just getting started with implementing information security controls. ISO 27001 requires significant time and resource investment, and other standards may be easier to implement and better suited to your needs. A good example is the UK government's Cyber Essentials scheme, which has a far shorter list of requirements than ISO 27001.

Of course, any security standard worth its salt will involve some effort, but that is no bad thing. The key is to ensure that you are committing to an amount of work that is reasonable for your business to undertake. There are also tools to help streamline the work. In fact, we've worked with a company that provides such a service – Apomatix – helping them create their proof of concept product. If you choose the right security standard(s) and have the right tools to help, you'll find the implementation project far more manageable.

What are the benefits of certification?

For us, it is the breadth of ISO 27001's requirements, covering everything from technical security to HR procedure, that makes it so beneficial. This comprehensive coverage is why many view ISO 27001 certification as the gold standard in information security, something borne out by recent government research which found that 41% of businesses require their suppliers to adhere to the standard. Simply put, without ISO 27001 there would be companies who would not do business with us.