It has taken a little while to get everything audited, but hot on the heels of our ISO 9001:2015 certification, we are pleased to announce that we have been awarded the certification for ISO 27001:2013.
What is ISO 27001?
The ISO 27001 standard provides the framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures needed to protect organisations and includes all the risk controls (legal, physical and technical) necessary for robust IT security management.
By becoming ISO 27001 certified, we are showing a commitment to ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen.
ISO 27001 requires that management:
- Systematically examines the organisation's information security risks, taking account of the threats, vulnerabilities, and impacts.
- Designs and implements a coherent and comprehensive suite of information security controls and other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.
- Adopts an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis.
Standard? You mean extraordinary!
The auditors looked at our organisation and the protection we use against information security threats, including hackers and cyber-attacks. They found that, thankfully, a vast number of our procedures met the requirements of ISO 27001, so we only needed to tweak a handful of policies.
What will change for our customers?
On the face of it, nothing - myTTNC and purchasing from the website will remain the same as before. However, the certification shows that you can be confident that we do everything possible to keep your personal information safe behind the scenes, actively assessing risks and managing the security of the data.
If you have any feedback, ideas or requests, please let us know by sending an email to firstname.lastname@example.org