In July 2021, Compass Informatics was certified to the ISO27001:2013 Information Security standard (Certificate Number: 11752-ISMS-009). This reflects the ongoing investment in information security and in overall company processes – in order to enable the team to provide ever-improving services to our highly valued client organisations.
As a data-led business, Compass has always employed class-leading tools and processes for data storage and management, so we were already in an excellent place. Our certification is validation of the excellence that permeates the work we do for our varied client base.
ISO 27001:2013, also known as ISO/IEC 27001:2013, is an internationally recognised standard for information security management systems (ISMS). Published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC), it provides a framework for establishing, implementing, maintaining, and continually improving an organisation’s information security management system.
The standard sets out the requirements for establishing, implementing, maintaining, and continually improving an ISMS within the context of overall business risks. It adopts a risk-based approach, emphasising the importance of identifying and assessing information security risks and implementing appropriate controls to manage those risks effectively.
The key principles of ISO27001:2013
Risk assessment and management
The standard requires organisations to conduct a systematic assessment of their information security risks, considering the likelihood and impact of potential incidents. This includes identifying assets, threats, vulnerabilities, and the potential consequences of a security breach.
ISO27001:2013 emphasises the importance of understanding the organisation’s context, including its internal and external factors that can affect its information security objectives. This helps in establishing a risk management framework that aligns with the organisation’s goals and priorities.
Leadership and commitment
The standard requires top management to demonstrate leadership and commitment to information security by establishing an information security policy, assigning responsibilities, and providing the necessary resources for the ISMS implementation and maintenance.
ISO27001:2013 promotes a culture of continual improvement in information security management. It encourages organisations to monitor, measure, analyse, and evaluate their ISMS performance, and take appropriate actions to address any identified gaps or areas for improvement.
Documentation and control
The standard requires organisations to establish and maintain documented information that supports the operation of the ISMS. This includes policies, procedures, guidelines, and records related to information security. It also emphasises the importance of implementing controls to mitigate identified risks.
Thanks to all our team for the commitment to the ongoing ISO27001 process.