Recently Backup Systems were awarded a certification of ISO 27001. The director of Backup Systems Mark Ridley was interviewed on the subject.
ISO 27001 is an international standard with global recognition used for an information security management system (ISMS). The certification demonstrates that the company has identified the risks and put the systemised controls in place to keep confidential information secure.
Why did you decide to get ISO accredited?
The main reason we decided to go for ISO 27001 is simply because we wanted to attract bigger clients. At the time, we were tendering for an NHS contract which fortunately we managed to get, after we received our certification.
The majority of public sector organizations now expect you to be able to provide high levels of data protection, so it is worth it in the long run as it opens up doors.
Certification to ISO 27001 is basically the international standard for information security. It promotes efficient management of sensitive corporate information, highlighting vulnerabilities to ensure it is adequately protected against potential threats. It encompasses people, processes and IT systems.
ISO 27001 allows us to prove to our clients that we are managing the security of their information efficiently. The standard is relevant to organisations that manage high volumes of data. All major companies and public sector bodies require you to have an ISO certification as they are dealing with sensitive client data and must comply to strict GDPR rules. We are very proud to say that we are able to offer high quality service using ISO standards.
What steps did you have to take to get accredited?
It was much harder to achieve than we initially expected. We had to review our existing processes and complete a lot of documents before applying. There were around 15 points that we needed to consider. We began our application in August, with a GAP analysis, and we were officially awarded the ISO 27001 certification in October. For larger companies it can take years to get accredited.
I feel that a lot of great things came out of it. It has really encouraged our team to look into new processes that we didn’t necessarily think of before. It has strengthened our workflow and improved our existing management systems.
Our current certificate is valid for 10 years, but we must perform regular audits to ensure that our service complies to the ISO standard. Every year our office is visited by an external auditor who is making sure that we are keeping up to the ISO standard. This way our clients can feel safe and secure in our hands.
What does this mean for your customers, how will they benefit?
I believe our customers will benefit from working with a trustworthy provider who maintains the company’s own integrity to the safeguarding of its data to an even higher standard. It also installs confidence further down the supply chain resulting in stronger customer and supplier relationships. Our clients can expect us to protect all client/employee information and manage any risks to information security.
We now have a more efficient business continuity plan in place to offer to our clients. They can feel a lot more secure and looked after. Our new approach helps organisations defend themselves from both highly organised attacks and common internal threats such as accidental breaches and human error.
GDPR and ISO 27001 are two significant compliance standards that have a lot in common. Both aim to strengthen data security and mitigate the risk of data breaches, and both require organizations to ensure the confidentiality, integrity and availability of sensitive data.
What does this mean for Backup Systems going forward?
GDPR has forced us to put in a larger amount of work to protect our and our client data. As a result, it has raised the standards for backup and disaster recovery, which is beneficial for everyone.
Therefore, having appropriate access controls in place lowers the risk of accidental exposure to employees of confidential or sensitive data. It also adds the reassurance to our employees that their employer is meeting data handling security guidelines and defines clearly internal roles and responsibilities, as well as improving job satisfaction and productivity.
What did you learn through the process?
We learned several things throughout the process that we didn’t know prior to attaining the certificate. This has allowed us to strengthen our business and offer a better service and higher standard of protection to our clients.
We have also established a number of new policies and structures that comply with the ISO standards. As all staff have clear guidelines to follow, this helps keep the system secure and reduces the risk of attack. This includes policies around the use of external drives, safe internet browsing, and strong passwords.
The new approach has become an integral part of how our IT systems are managed, with a security policy communicated to the whole team. The adoption of this security policy throughout the entire team has reduced organizational risk and ensured all assets of our clients’ information are protected to the highest possible standard.
What’s on the horizon for Backup Systems in 2019?
Since ISO 27001 has been implemented it has opened up more opportunities to working with the larger organizations and more versatile clients.
This has provided us with some exciting prospects for our company in 2019, as we are looking to expand our team and take on more staff, particularly in the sales and technology department. So, we are excited to see what 2019 has in store for Backup Systems.
If you are looking to improve the security of your data or upgrade your company's backup system contact our team and see how we can help. We work with a number of small and large companies across the United Kingdom and we can help you achieve highest security standard.