ISO 27001 Certificate

At Carden IT Services, we have recently added to our ever-growing collection of accreditations by becoming ISO 27001 compliant.

Unlike our previously gained ISO 9001 accreditation, which focused primarily on quality and consistency of service, ISO 27001 focuses on information security.

We have always had a security-first approach to IT, for both our own networks and those of our customers. Through a combination of ransomware protection, multi-factor authentication, network antivirus, and other professional cybersecurity measures, Carden IT Services keep your data safe.

ISO 27001

For those unaware, ISO 27001 is one of the ISO Quality Management Systems. A quality management system is a set of procedures and guidelines on how to deliver services and maintain consistency across an organisation as well as between different organisations. 

ISO 27001 sets out a standard for Information Security Management Systems. In layman’s terms, this means having a defined policy for how we store, protect, and access sensitive data within our organisation. 

What Is Actually Covered by ISO 27001?

There are over 100 different stipulations to ISO 27001, covering information security practices from the individual user all the way to the network level, but they can be grouped into several general areas. 

Information security policies 

Clearly written and communicated information security policies. 

Organisation of information security 

Assigns responsibilities for specific tasks. Also addresses staff working from home and how to maintain security when accessing our network from different devices or locations. 

Human resource security 

Ensures that employees and contractors understand their responsibilities. 

Asset management 

Concerns the way in which data is classified and assigned appropriate protection measures. 

Access control 

Ensures that members of staff can only view information that is relevant to their role. 

Cryptography 

Best practices for the use of encryption to ensure the confidentiality, integrity, and availability of the data concerned. 

Physical and environmental security 

Preventing unauthorised physical access, damage, or interference to our organisation’s premises, hardware, or the sensitive data held therein. 

Operations security 

Addresses network security, backups, malware, and data loss prevention measures.  

Communications security 

Concerns the security of information in transit, both within the organisation and between organisations.

System acquisition, development, and maintenance 

Sets out security requirements for internal systems which are uniform and can be applied to new systems as the organisation scales or changes. 

Supplier relationships 

Deals with the protection of assets which may be accessible by third parties such as our contractors or suppliers. 

Information security incident management 

A step-by-step process detailing the response to a data breach, going above and beyond what is legally required by the GDPR.

Information security aspects of business continuity management 

Practices for providing a continuity of information security during a business interruption.

Compliance 

This ensures that we identify relevant laws and regulations for our sector. 

Why We Have Chosen to Gain ISO 27001 Certification

Cybersecurity is the number one concern among our customers. While we are confident that we have, and have always had, a diligent and highly effective approach to the protection of our customers’ data, we wanted to make our commitment to this official and demonstrate to our new and existing partners that we are committed to information security.

The Future

Carden IT Services is now ISO 27001 compliant in addition to our existing ISO 9001 compliance (read more about the requirements here), but we’re not done yet! We will continue to demonstrate our high standards to our customers, our suppliers, and ourselves. Watch this space to learn more as we gain further accreditations, certifications and awards.

Author: Dave King

Dave King is the Co-Founder and Director of Carden IT Services and the wider Carden IT Group. Dave has over 18 years’ experience in business IT networks with a focus on IT consultation and disaster recovery planning/testing.
