Building B2B relationships on confidence: why ISO 27001 accreditation is more important than ever
The SRM Blog


Written by Claire Greathead

17th September 2020


You’ve fallen and broken your leg. As you lie there, three strangers offer to help. One has received basic first aid training; the next has had some experience in bone-setting but has no recognised qualifications; the third is a fully qualified and practicing orthopaedic consultant surgeon at a leading hospital. Which one do you trust to care for you?

Confidence is crucial in all walks of life. And nothing inspires it more than a reputable and recognised accreditation. When we have proof that an individual or organisation has put in the hours required to demonstrate skill and aptitude, it’s always easier to know where to place our trust.

In the business world, ISO 27001 accreditation offers precisely this form of reassurance: providing tangible proof that a business is equipped to follow a recognised and audited company-wide security framework – as well as taking proactive steps to make online security a priority through consistent maintenance and improvement.

The confidence inspired by ISO 27001 accreditation is perhaps more important now than ever before. That is because cyber crime is on the rise in the UK and around the globe, with hackers skilled at identifying and exploiting vulnerabilities across all areas of an organisation’s digital estate. In fact, the “new normal” of remote working and fragmented workforces has presented them with unprecedented opportunities to cause disruption and breach a company’s defences.

As a result, 2020 has seen a huge surge in cybercrime. Reported attacks targeting home workers increased from 12% in early March to over 60% by the end of May. But given that cybercrime is notoriously under-reported, these figures are likely to be even higher in reality. And the trend continues as much of the UK workforce continues to operate from remote locations.

Given the likelihood that the majority of businesses in your supply chain are operating under these circumstances, the confidence inspired by ISO 27001 is more important than ever. If you are not showcasing your commitment to best practice through ISO 27001 accreditation yourselves, then why should others trust you? It is for this reason that many organisations already seek ISO 27001 certification.

Of course, an investment in time and budget is required for the ISO 27001 certification process. But consider the financial implications of a breach, the damage it could do to customer confidence and supply chain relationships; then consider the value and the many benefits ISO 27001 brings. It’s also important to bear in mind that the experienced team of consultants here at SRM work hard to identify ways to improve not only information security but also the efficiency of the processes and procedures involved. Often this enables long-term savings – both through reduction in overheads and reduced demand on resources.


How ISO 27001 benefits data security

  1. Clear direction

Unlike GDPR, which does not have an actual compliance process, ISO 27001 provides very clear direction. It concentrates on policies and processes, including all legal, physical and technical controls involved in an organisation’s information risk management processes. Its value is that it creates a robust environment to protect both staff and customer information assets.

  2. Assessment by an independent auditor

Certification means a third-party accredited independent auditor has assessed all processes and controls and confirmed that operations are aligned with the comprehensive ISO 27001 certification standard. This is an ongoing three-year cycle of audit and certification.

  3. Risks assessed on criticality

If a company is implementing ISO 27001, it demonstrates that careful consideration has been given to what could endanger the confidentiality, integrity and availability of information. Once those risks are known, it is about ensuring that security measures have been implemented to reduce them to an acceptable level. Aligning information security with the ISO 27001 framework ensures that risks are addressed based on criticality. This means that the highest risks are addressed first and any unnecessary costs associated with low risks are reduced or disappear altogether.

  4. Maintaining an Information Security Management System

Following the ISO 27001 framework makes it much easier to maintain the Information Security Management System (ISMS), which should be reviewed annually and upon business changes to ensure that it stays relevant.

  5. Business Continuity

A requirement of the ISO 27001 Standard is to ensure that Business Continuity is in place, which prioritises a business’s resilience and ability to operate in the event of a major.


Using ISO 27001 accreditation to specifically address the remote working model

The global pandemic has accelerated a digital revolution, meaning that most businesses have been compelled to adopt the remote working model with little or no time to fully gauge the impact on their risk posture. Yet because the ISO 27001 standard is based on risk assessment, the process adapts to the challenges faced at any given time. In short, it is ideally suited to providing the process for a thorough evaluation of the risks of remote working.

In reality, however, few organisations have had time to prepare for or adapt to such a significant shift in work patterns. Professional help from a qualified ISO 27001 consultant will ensure that the process is conducted to the highest standard of best practice, while saving significantly on time and cost. That is because a specialist consultant has the experience and expertise to address the issue of remote working and all its additional complexities, with no false starts or unnecessary steps, thereby saving you both time and money.


How SRM can support you

SRM’s ISO 27001 consultancy can be tailored to the requirements of the individual business. Some may have a team ready to implement the standard and therefore only need a gap analysis and a roadmap. Others may not have resources or the time to effectively implement new policies and procedures, and therefore require a more hands-on approach. This is often the preferred option as it has the advantage of no scope creep. It also ensures that an accurate gap analysis is conducted.

From providing guidance on the potential scope of the exercise to identifying the appropriate controls required, we have a proven track record for ensuring accreditation is achieved. We also provide ongoing support so that regular reviews are conducted and the ISMS is updated in line with any changes in work practice. In this way, we help you to review continually and refine the way you handle information security, not just for the present, but for the future.

Of course, we know how important it is to have confidence in those you work with. Our ISO 27001 consultants are highly motivated individuals who hold ISO 27001 Lead Auditor certification, providing evidence of our commitment to expertise and integrity.

Looking to gain ISO 27001 certification for your business? Call the SRM team today on 03450 212151. Alternatively, you can enquire here.
