We’re ISO 27001 certified…..yet again!
Ed Evans
We’re extremely proud to announce that Genovo has successfully completed an external assessment by a UKAS accredited certification body, Approachable Certification, and once again achieved ISO 27001 certification with zero /none / nil / zilch major or minor non-conformities!
In maintaining this certification, we continue to demonstrate our commitment to managing information security and quality to internationally recognised standards across our business operations and the services we provide to our customers.
What is ISO 27001?
ISO 27001 is the most recognised international standard for managing the risks to the security of information a company holds. It is based on implementing security controls to mitigate these risks and sets out the requirements for the company’s Information Security Management System (ISMS), which is in turn used to implement the benefits of this standard.
The standard adopts a process-based approach to establishing, implementing, operating, monitoring, maintaining, and improving information security. It also ensures an adherence to a comprehensive set of standards governing data security and confidentiality, legal compliance, and operational reliability.
What does ISO 27001 certification entail?
Achieving and maintaining ISO 27001 certification requires a considerable investment of time, money, effort and commitment. It involves a rigorous evaluation by an external auditor that scrutinises every facet of the company’s ISMS. The ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in a company’s information risk management processes. It includes 114 controls that must be fulfilled across 14 domains.
ISO 27001 certification also requires involvement from every member of the Genovo team. All employees have to be trained in and practice its key policies and procedures. Indeed, at audit time, the external auditor will interrogate any employee of their choosing to test this compliance.
For us, monitoring is implemented via quarterly internal audits, half-yearly audits by an external consultant who is an ISO 27001 auditor and, every 12 to 18 months, a surveillance audit by the certification body as per the requirements of the standard.
Why do we do ISO 27001?
In the first instance, I want to stress that we don’t do ISO 27001 for the badge, nor do we do it because one of our customers has told us to!
ISO 27001 is so much more than a tick in the box for us. Since day one, information security has always been included in every aspect of our system development, our internal operations, and how we handle data. However, we soon came to realise that managing this wasn’t easy and ISO 27001 would provide us with a more comprehensive industry best practice framework to identify, manage, and prevent any potential information security threats.
Aside from demonstrating that our business operates under good security practices, achieving the certification also reflects our knowledge and understanding of the ever-increasing weight of responsibility that our customers have for the security of their own clients’ data. Cyberattacks are becoming ever more commonplace and increasingly more challenging for the average business to detect. The financial damage to companies and their customers can be overwhelming, and therefore we want to make sure that we’re doing our bit to help our customers mitigate their risks.
How does our ISO 27001 certification benefit our customers?
In a nutshell, this certification demonstrates to our customers that they can trust us to manage their sensitive information. Being ISO 27001 certified demonstrates that our people, processes, tools, and systems adhere to a recognised framework that is the highest standard. It also ensures:
- Our customers’ data is rigorously protected.
- We continually assess, minimise, and eliminate risks and vulnerabilities.
- Genovo remains compliant with the highest standard for information security.
- An internal culture of security, so all employees prioritise information security by design.
- Operational excellence when it comes to our IT, HR, and information processes.
In conclusion, whilst we are immensely proud of achieving ISO 27001 recertification yet again, we understand that maintaining a high level of information security is a continuous process. We are dedicated to staying abreast of the latest security trends and best practices, and we are committed to the ongoing improvement of how we implement ISO 27001 and how it supports our data protection goals.
Should you wish to learn more about the steps we’ve taken to ensure the security, privacy and protection of our customers’ data click here, or should you have any further questions about our ISO 27001 journey please don’t hesitate to get in touch.