Following an audit by UKAS Accredited Auditors, the British Assessment Bureau, Atomwide have been awarded official ISO27001 accreditation.
ISO 27001: Why do we need it?
Cybercrime has become headline news. Stories about data breaches that compromise global names multiply (think most recently with the NHS), and the Government is planning to tackle the issue by investing £1.9bn into cyber security. It may feel as though this is a new issue, but in truth Information Security has always been a risk. The change is that the threat has become ever more real:
– 8m people were victims of online fraud across England and Wales in 2015
– 44% of consumers worry about how their personal data is handled
– 60% of small businesses are victims of a cyber breach
– Cyber crime costs UK businesses £34bn a year
Risks will only intensify as organisations focus more investment in the digital world. More than ever, not only do organisations need to protect themselves, they must also ensure they protect the trust of their customers. With ISO 27001 accreditation we can now demonstrate that we actively do both.
ISO 27001: What is it?
ISO 27001 is the standard created by the International Organization for Standardization (ISO) which deals with Information Security Management. It’s a way of making sure that you’re managing information security risks effectively. ISO 27001 isn’t new. It can be traced back to the British Standard 7799, published in 1995. Originally written by the DTI, after several revisions ISO turned it into an internationally recognised standard.
The aim of the ISO 27001 standard is to help companies to establish and maintain an effective Information Security Management System (ISMS), using a continual improvement approach. The organisation will systematically examine any risks to information security and put in place policies & procedures to manage those risks. The intention is that an organisation should design, implement, maintain and continually improve a set of controls and measures to manage any threats to its information assets.
ISO 27001 is an ideal approach to deal with Information Security because its requirements cover a crucial element – management buy-in. ISO 27001 expects organisations to demonstrate that they link overall business objectives to security priorities. Moreover, the standard recognises the importance of communication; everyone in the organisation needs to understand their role in preventing Information Security threats and communication needs to be in a common language.
Information Security is not just the IT team’s responsibility, which is why ISO 27001 recognises the approach has to be led by the Board Room in order to develop a security-conscious culture.
In reality, most data breaches are nothing to do with new technology or advanced viruses, and everything to do with a lack of policy and education. Looking at data for UK companies:
– 60% of security events are the result of an inside attack
– 39% of IT staff can get unauthorised access to sensitive information
– 11% could take sensitive information with them if laid off tomorrow
– 42% of confidential data loss is through staff
ISO 27001: What are the benefits?
While news stories about data breaches focus on the world’s biggest companies, all organisations are equally vulnerable. Atomwide customers can remain reassured that when it comes to handling their data Atomwide are officially accredited as being up to the task. ISO 27001 is the gold standard accreditation in data management and demonstrates that we take security threats to our customer’s data seriously.
For more information or to discuss in more detail please get in touch.
The Team at Atomwide
www.atomwide.com | 01689 814700 | firstname.lastname@example.org