NEWS: Highest Information Security Tick For Unicorn
ISO27001 is the only auditable international standard defining requirements for an Information Security Management System (ISMS). It helps organisations manage and protect valuable information assets and gives customers confidence that they are dealing with a robust and secure business, which is especially important in financial services.
Unicorn first received ISO certification in 2011 and this year saw the business transition to the new ISO27001:2013 standard from the previous ISO27001:2005 benchmark. This new standard has been brought in to reflect the changing demands of IS security in the face of challenges and threats that did not exist in 2005.
This is the last year that firms can be certified against the old standard. All ISO27001 audited businesses have to upgrade to the new standard, but Unicorn opted to get ahead of the curve by upgrading a year early.
In the audit report, Unicorn was commended on the quality of its Information Security Management System, its process of continual improvement and its excellent visibility of incidents, along with improved processes around HR, IT and hosting, and the KPIs and management information maintained in this area.
Becoming ISO27001 certified means reviewing, and often improving, every aspect of how you operate, including identifying and mitigating potential vulnerabilities and risks, from recruitment and the identification of IT vulnerabilities to ensuring you have a robust business continuity plan.
Maintaining ISO27001 certification requires monthly security audits and annual external assessments.
Stuart Jones, Unicorn Training’s Director of IT, said: “This is a nice procedure to go through once a year because it shines a light on a lot of the hard work that goes into our processes and systems which don’t all get seen by staff or customers but are essential to our ability to grow the business operationally and ensure we continue to deliver the highest levels of information security for clients.”
ISO27001 is made up of 10 detailed control disciplines including information security policy, security organisation, asset classification controls, personnel security, physical security, communication management, access controls, system deployment, continuity planning and compliance.