ISO, ISO It’s Off to Work we Go
In the words of Noddy Holder of Slade fame: “It’s Chriiiiiiist-maaaaaaaaaaas!” Well, not quite, but it will be soon. And you know what that means: plenty of food, drink, partying, more food, more drink, more partying, presents galore (hopefully) and panto – okay, I am a fan of panto and my secret is out.
Hornbill celebrated Christmas early, receiving one of the best presents it could have hoped for this year: achieving ISO 27001 certification for its cloud operation. “Oh no you didn’t”, I hear you cry – “that’s not possible in such a short timeframe”. Oh yes we did, and we’re very proud of the achievement. In just nine months, under the guidance of an external consultant and the watchful eye of our Information Security Manager (ISM), the cloud team successfully put in place a number of processes that met the requirements of the ISO 27001 standard, covering areas such as business continuity, physical security, destruction of old equipment, encryption of data and classification of information. That’s some achievement.
These processes were independently reviewed by an external auditor from the British Standards Institution. That in itself was a daunting experience, particularly for our ISM, who sat in a room for two days with the auditor explaining the implementation of the Information Security Management System in place and demonstrating that it was being followed to the letter. In addition, selected members of staff were interviewed and the security perimeters were assessed. It was a very thorough examination of our operation.
During the run up to ISO 27001 certification, the ISM was both friend and foe: he helped us put in the processes and kicked our butts – no need to check the ISO 27001 glossary for a definition of what that means! – when we inadvertently failed to apply the processes. Seriously, though, it’s a tough role: he had to follow the Standard whilst being pragmatic and above all do whatever was necessary to protect customers’ data. Not a popular chap at times, ruffling a few feathers as he went about his work.
So now that we have achieved ISO 27001, you’re probably thinking “It’s behind you”. Oh no it’s not! – far from it. We will continue to improve our Information Security Management System (continuous improvement is a key part of ISO 27001) and in due course roll out ISO 27001 to other parts of Hornbill. The first Continuing Assessment Visit has been scheduled for the summer.
Right, I must go and wrap presents as well as work on my next blog post entitled Social Engineering on Tap. Happy Holidays!