- by Mike
Reflect Digital has achieved the ISO 27001 certification
We're proud to announce that as of 18th January 2019 we're ISO 27001 certified.
At Reflect Digital, security is of the utmost importance. Showing our clients that we take security seriously was a goal we wanted to meet, and what better way than by having a team of independent auditors confirm that we meet the highest possible standards?
ISO 27001 is an international information security standard which demonstrates that an organisation meets a minimum set of security requirements.
What are the reasons for becoming certified?
Security has always been important to us at Reflect Digital. One of our directors previously ran an IT security business, so it has always been a consideration. With GDPR coming into play in 2018, we decided to take it a step further by starting our ISO 27001 journey to ensure we met the GDPR standards and more.
Our objectives from the outset were:
- To ensure security was considered by every member of the team, from a designer to an account manager to a developer, with all working to the same standards.
- To ensure we have in place the right policies and procedures to aid our growth. This process would ensure we revisited all the policies and procedures we had put in place so far, and would mean adding a lot of additional documentation to give our business more structure.
- To give confidence to our clients and potential clients regarding security.
Does this change anything for clients?
For the most part, clients shouldn’t notice any significant changes, as the majority of the policies we have implemented are behind the scenes.
However, there are a few items we are introducing for improved information security that will affect clients. The main point here is how we transfer sensitive, confidential or personally identifiable information. This includes things like passwords, CSVs containing client details, or contract/business information. We will be using Egress to transfer certain data going forward, so there may be a requirement for clients and suppliers to set up a free account.
Clients should also have confidence that we are taking the security of their data seriously, and that information security is woven into everything we do at Reflect Digital.
Will this change how we work in the office?
Short answer: Yes, absolutely.
Long answer: as above :)
Plus, the Infosec team at Reflect Digital have done a fantastic job in putting in place all the structure and policies required to meet the ISO 27001 requirements. However, it is the job of all Reflect Digital employees to help maintain our certification and improve and refine our processes.
Some of the items we have implemented already include:
- 10 point checklist
- Clear Desk Policy
- Better communication with regard to passwords
- Single sign-on, no unnecessarily shared login details
- New Staff training now includes ISO training
It now means we can go for contracts we wouldn’t have necessarily been considered for before we had the accreditation, which is really going to aid our growth as an agency.
It gives our clients and potential new clients (even if the certification isn’t a requirement) a good sense of our commitment as an agency to the security of our clients' data, how we process it and how we can help minimise security incidents.
Because we have implemented ISO 27001 at a relatively early stage of Reflect Digital’s life, it can grow as we do, and it is woven into our fabric as a business.
A massive thank you to Jon Passmore from 2SB for his expertise in helping us achieve this accreditation. If any of our clients or suppliers are considering an ISO standard, then please feel free to reach out to us to ask about our experience or to talk to Jon directly about how 2SB can help.