Our journey and top tips for ISO27001 certification.

Posted on:

February 19th, 2021

Posted in:

Insights & Thought Leadership

Find out how we achieved our ISO27001 certification and how you can do the same.  

We’re certified!  

Building our Information Security Management System (ISMS) has taken months of hard work, but we are proud to say that we have been awarded the ISO27001 certification, the highest standard data security award.  We feel, now more than ever before, it is fundamental to the operation of our company, not only for us internally, but more importantly for our clients too. We have blogged before about how being ISO27001 certified can be considered a quality guarantee for suppliers.

Is it time you got certified too?  

While keeping up with data security has always been on the agenda for any responsible organisation, the pandemic has nudged the issue firmly to the top of the priority list. Working from home and companies moving once again to an increasingly remote environment means it’s the perfect time to be focusing on your information security and data processing facilities.  

While the preparation for becoming ISO27001 may be rigorous, the security of your systems will be in far better shape at the end of it and you’ll have a certificate you can put on your website as a badge of honour! And when you consider the costs of not taking your data security seriously, you can see it is well worth the effort. 

Start by building in the right behaviour   

We thought we would ask our Chief Information Security Officer (CISO) to provider her thoughts on where to begin:  

Whether you go for certification or not, complying with information security is not simply a tick box exercise. For us at Clekt, and for most companies, it’s about taking it back to the very beginning and understanding the journey your information assets take. Once you understand what information you have and the path it takes, you can start to build the protection at each of the critical points. The ISMS you build is not about being perfect, it’s about understanding the risk your organisation faces in protecting it’s information and putting in place processes and procedures that help to mitigate or erase these”.  

Claudia Hesleden CISO, Clekt  

5 Top tips for starting the process 
  1. Start early 

ISO 27001 is no small feat, it takes time! We recommend starting early and getting a plan in place for your next steps including your timeline. 

  1. Make sure you have full company buy in, especially at Executive level 

To achieve ISO 27001 you will need more than just sign off at management level. ISO 27001 becomes part of your day-to-day professional life, you will live and breathe it, so it is important to make sure that your management teams are on board and share your passion for information security. 

  1. Do your research! 

We wanted our ISO 27001 journey to be as seamless as possible. There are lots of different solutions available to help with the process, so we did some research until we soon found a solution which suited our cloud-based approach.  

  1. No blamestorming 

Incorporating a no blame culture into your business for instant reporting makes for a more cohesive working environment. Staff will be more likely to join you on the information security journey rather than fear they will be punished for reporting an incident- we are all human after all!   

  1. And finally…. Enjoy! 

Information Security is a challenge but a fun one nonetheless, building the foundations on which your organisation can grow is very rewarding so enjoy the process; as our team who worked on it will tell you it will soon become the best part of your day! 

At Clekt, Information Security is a key part of what we do, we understand the importance of protecting our own data, and our client’s data. We can help you understand your data and make it an integral part of your operations.  

If you would like to know more about how Clekt could work with your organisations to improve your data security, then please get in touch and we would be happy to talk.