
Why should you choose an ISO 27001 accredited IT support provider?

Last updated on April 16th, 2020


The ISO 27001 standard is a signal that an accredited business is not only taking information security seriously but is committed to continuing to uphold that standard. ISO 27001 requires a great deal of commitment to achieve, so if you have the choice between a supplier who is accredited and one who isn’t, go for the one who’s dedicated to keeping a high standard of security.

But the ISO standard isn’t just for checking whether an IT support provider is any good; it’s an essential step for any business to take. It therefore often comes as a surprise how many business leaders and IT managers seem to be unaware of the standard and the value that it brings.

ISO 27001 is for information security what ISO 9001 is for quality – but it’s much bigger. ISO 27001 has been established by the world’s top experts in the field of information security to provide a methodology for the implementation and management of information security in an organisation. It also enables an organisation to achieve accreditation, where an independent certification body confirms that information security has been implemented in the best possible way.

ISO 27001 specifically prescribes how an organisation will manage information security through a system of information security management tools and procedures. In essence, it aims to ensure that appropriate controls and management systems are in place to protect a business and its assets, particularly around key IT security areas that include:

1. Confidentiality

By limiting information access and disclosure to authorised users/entities only, and by preventing access by or disclosure to unauthorised users/entities.

2. Integrity

By ensuring that data has not been changed inappropriately, whether by accident or deliberately (i.e. maliciously). This concept also includes “origin” or “source” integrity: for example, ensuring a company can confirm that any data it receives has actually come from the person identified as the sender.

3. Availability

By ensuring that all key information resources are available.  The loss of key data or downtime on one IT system could put the entire business at risk.

The controls

Businesses, and IT systems in particular, are continually under threat, whether old or new, known or unknown, internal or external. ISO 27001 focuses on identifying all risks to a business, evaluating them, and then putting in controls to mitigate them.

An ISO 27001 system is generally controlled through:

  • Policies and processes
  • Procedures and organisational structures
  • Hardware and software

A business must implement, manage and evaluate all these different factors regularly to ensure they continually improve their IT security. An external audit is an essential tool for verifying that all of these systems are in place and working effectively.

Additional benefits of an ISO 27001 accreditation

ISO 27001 is also a business organisational tool which can assist with the following areas:

  • Governance
  • Risk Management
  • Human Resources
  • Physical Security
  • Business Continuity
  • Regulatory Compliance

Summary

It makes sense to choose an IT support provider who is ISO 27001 accredited.  Of course, this standard alone cannot guarantee that a supplier is hyper-secure. However, businesses are still better off choosing to work with an accredited IT support provider because this standard represents a fundamental commitment to IT security.

It is also a good idea to choose an IT support provider who has been ISO 27001 accredited for several years. It can take some time for a provider to ensure the standard applies throughout the entire business.
