GreensafeIT has worked hard to implement ISO 27001:2013 into our core operations.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation.
It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the business.
To fully implement the standard in only 5 months was a huge task, but the team were very focused and delivered with no non-conformances.
Mark Aldington, Professional Services and Compliance Director, stated:
“GreensafeIT adopted some key benefits in implementing this standard.
GreensafeIT complies with various regulations regarding data protection, privacy and IT governance – ISO 27001:2013 helps maintain the methodology which enables us to do it in the most efficient way. This also helps us pro-actively comply with GDPR.
In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001:2013 is a unique selling point, especially if you handle clients’ sensitive information.
Information security is usually considered as a cost with no obvious financial gain. However, there is financial gain if you’re able to lower your expenses caused by any potential incidents.
Whilst there is still no methodology and/or technology to calculate how much money you could save if you prevented such incidents, it is a step in the right direction.
As a company which has grown rapidly for the last few years, gaining this accreditation has helped us to amend and create our processes and systems. It is also providing our staff with a greater understanding of the legal requirements surrounding data.
This has also enabled us to define key elements – who has to decide what, who is responsible for certain information assets, who has to authorize access to information systems etc.
ISO 27001 is particularly good at sorting these things out and will define very precisely both the responsibilities and duties, and therefore strengthen our internal organisation.”