When purchasing a new cloud solution for your agency, you have probably come across a certification called ISO 27001. ISO 27001 is often put forward as a requirement by your IT team or in more recent times, as a mandatory inclusion by your CIO or Risk Officer.
However, there is often a limited understanding of the benefits and assurance that this certification brings to an organisation placing their sensitive information in the cloud.
So what is ISO 27001?
ISO stands for the International Organisation for Standardisation. Since the 1940's this organisation has been a global player ensuring quality and safety in both products and services in international trade. The standards put out by ISO cover everything from Food Safety Management to Sustainable Events.
ISO 27001 is the standard for "Information technology, security techniques and information security management systems". It ensures that an organisation that is developing software, such as Objective, has a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management. It gives our customers confidence that we take a systematic approach to managing risk and documented processes to cater for any eventuality.
How does a cloud solution become certified?
Conducted on an annual basis, ISO Certification is completed by external third party assessors that review all elements of your development practices. For Objective Connect, our online file sharing and collaboration platform, the audit covered:
- Company: Is there a set of information security goals defined for the organisation and is there a structured framework for reporting risks and issues to the executive?
- Team: Have the entire team been trained, from induction onwards, on their role in minimising and mitigating risks to information security? From the correct way to handle client data to avoiding phishing emails, information security has to be part of the day-to-day, not just at audit time. The audit also covers employee onboarding - for Connect this is ensuring each new employee has a thorough background check
- Process: Is there a documented set of procedures that are followed during the entire software development lifecycle and across the wider business? Does everyone understand their role and what to do in the unlikely event of a breach?
- Premises: How secure is the company's physical environment? From building access and server rooms to sign-in and chaperone procedures for visitors, the physical environment must be checked and rechecked.
- Infrastructure: How are laptops and devices distributed, software patches deployed and anti-virus updates enabled? Each aspect of an organisation's IT infrastructure is covered.
So what does this mean for your organisation?
Ultimately this about ensuring you have peace of mind when a cloud application hosts your information. When developing Objective Connect, information security is part of our culture and in a state of continual improvement. It impacts our day-to-day and informs the way that we do business.
When working with any vendor offering a cloud solution, you need to know that information security is a 'state of mind'. ISO 27001 is a perfect way to tell that this is the case.
Objective Connect is a secure file sharing solution built specifically for government. Objective Connect is Certified ISO 27001 cloud solution.