Working with other people’s data is fraught with difficulties these days. Not a day goes by without some sort of news story regarding data breaches, compromises or lapses in the handling of an organization’s sensitive information.
Knowing that the Data Protection Act and the Data Commissioner are there to ensure that data is protected is not that reassuring when most data breaches come from either external malicious sources (snooping governments included) or poor internal practices in how sensitive data is stored and managed. The biggest cyber-attack in the history of the state took place at the Irish marketing and travel business Loyaltybuild in Ennis. In total, according to the Irish Independent, it is estimated that the hacking attack in mid-October exposed either the financial details or personal information of 1.1 million people to online raiders. In a recent survey by the Association of Data Protection Officers and the Irish Computer Society, more than 40pc of IT managers in Irish companies admitted to data breaches in their workplace. The need for companies to have an effective management solution for sensitive data has never been more apparent. This is where ISO 27001:2013 comes into play, but is there another advantage to implementing the standard?
The ISO 27001:2013 standard aims to bring risk management to your sensitive data. Certification Europe describes ISO 27001:2013 as a “set of standardised requirements for an information security management system. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your data security policies and procedures.” The benefits of this ISO standard can be considered twofold. The first is an improvement in the work practices carried out by a company to ensure that information security is managed effectively and efficiently. Gap analysis and risk assessment are used to identify and fix potential threats to the company’s data management, with the aim being a methodical approach to a successful implementation.
The second, however, is more important. It is a standard that can make you stand out from your competitors and help your company win business. The ISO standard itself has huge gravitas within the business world. The very presence of its symbol on, say, an Asian company’s website can be of huge reassurance to a buyer wishing to place a manufacturing order to an agreed standard. The same reassurance applies to a larger company looking to outsource its sensitive data to third parties. It is demanded of any manufacturing vertical market wishing to do business with a major multinational or government bodies. One client of ours, a local accountancy firm, was asked by the HSE to become compliant with the standard before they continued outsourcing work to them.
“Having the ISO 27001 standard can make you stand out from other competitors looking for the same business, letting them know you have achieved certification in looking after your Information Security Management Systems.”
Here at Hybrid Technology Partners we have managed the implementation of the ISO standard for clients. To see how this worked in the real business world, I would encourage you to read our Case Study for Antaris Consulting in Limerick. If you are interested in what is needed to implement ISO 27001, feel free to call us on 061-211444 or email firstname.lastname@example.org.