Are your IT helpdesk and support teams ISO 27001 certified?
Posted 03 Dec 2019
In a recent blog post, we talked about the importance of becoming
Cyber Essentials certified in order to demonstrate to your customers and
stakeholders that you take data protection and cyber security seriously. As
experts in IT and computing, we see first-hand the issues that can be caused by
poor online security systems, and it’s why we have a stringent commitment to ensuring
that our clients are fully protected against the latest online threats.
A key part of our protection is our ISO 27001 certification.
Whilst it may sound like jargon to you, for us, it’s a core element of what we do.
It demonstrates that we are committed to the security of our clients’ data.
As an internationally recognised standard, it pinpoints an awareness of management
responsibility, continual improvement, and both corrective and preventative
action.

In short, it provides a guarantee that your information
security is paramount.
Why is ISO 27001 so important?
ISO 27001 is internationally recognised for providing a
specification for information security management systems (ISMS). It has been
designed to allow businesses to manage their information security processes in
accordance with global best practice, regardless of company size or technology choice.
ISO 27001 is based on risk management. It provides risk
assessments, which are formal processes allowing you to manage any information
security risks. It is a management-led process which ensures that security is
consistently applied throughout the entirety of your organisation.
If you’re a medium or large business, we know that it can be
easy to apply security settings via your IT or HR departments, but what about non-technical
aspects of your business? If you walk around your office, could you identify
confidential paperwork lying around on staff members’ desks? Is everyone in
your organisation aware of their roles and responsibilities when it comes to security?
It may shock you to realise that an organisation’s biggest threat isn’t
hackers; it’s its own staff. Without adherence to strict security procedures
and an understanding of IT policies, you could quickly be affected by a virus
or worse. This often occurs when a staff member has accidentally opened something they shouldn’t.
That’s why ISO 27001 is so important. It brings together the
different facets to ensure that a company is fully protected throughout the
business. If you are ISO 27001 certified, you can look at your security across
your whole organisation, conduct risk assessments which spot your weaknesses
and your vulnerabilities, and put preventative systems and policies in
place which respond to these risk assessments.
Should I ask my IT support team if they have ISO 27001 accreditation?
In our view, yes. Today’s hackers are incredibly sophisticated
and clever cyber criminals. Throughout the world, hackers are gaining momentum,
so it’s important that your business is protected in full. Online security isn’t
just about implementing reactive measures to known viruses and phishing
attempts; it’s about careful planning and consideration. After all, prevention
is most definitely better than cure.
An important consideration of the ISO 27001 accreditation is
that certification is only granted by independent adjudicators. This means that
an external body has verified that you meet the steps set out by the standard. At
Lucid Systems, we have been assessed by the British Assessment Bureau, a
leading Certification Body who have determined that we meet these
required standards and that they are fully integrated into everything that we
do.

We believe that if you are investing in business IT support,
then you deserve to have an outsourced IT team who can demonstrably show that
they meet these standards as a minimum. If your team hasn’t achieved ISO 27001 accreditation,
then you should ask them for other evidence that your information security is resilient
to online threats.
How Lucid Systems’ ISO 27001 certification can protect your business
At Lucid Systems, we work with companies of different sizes
with a variety of different systems and procedures. But our commitment to information
security remains the same.
As an ISO 27001 accredited IT support provider, we can share
our knowledge and experience with our clients throughout Suffolk, Essex,
Norfolk, Cambridgeshire and Greater London. They know that our accreditation
means all of our IT support processes have been developed with the standards in
mind.
This means that our clients can feel confident that their
information is secure. They know that there is minimal risk of data breaches. Their
staff feel confident that they know how to reduce errors and they feel engaged with
the company. And what’s more, thanks to strict GDPR legislation, our clients know
that our accreditation can help to protect their own reputation. We can provide
auditable evidence that we are adhering to best practice and implementing strict
IT policies which put data security at the heart of everything that we do.
To find out more about our ISO 27001 certification and how we can apply
these internationally-renowned standards to your business, please get in touch.
by Amy Dawson