As business information is the most vital part of any company, most businesses have some form of data security policy in place. While this policy and the security controls may be introduced with the best intentions, the effectiveness of the policy can be difficult to maintain and organise. For example, most IT security policies may overlook vital information assets such as paperwork. The ISO 27001 standard was introduced to ensure that all aspects of data security are protected.
ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system".
The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation, which is required to apply controls appropriately in line with its specific risks.
“Aeromark believe in a proactive approach to securing information security and integrity for our customers. Most service management software providers are only able to offer data centres which are covered by the ISO 27001 standard which as a result doesn’t cover the largest part of the risk. At Aeromark our entire business scope is covered by these standards, from our hiring policies to how our team develop our software and of course our data centres. In becoming accredited for both ISO 27001 and ISO 22301 we show Aeromark’s commitment to adhering to the international best practices of data protection and to meet the increasing expectations of our customers.” - Roger Marks, Managing Director.
The decision to become accredited to ISO 27001 presents many different challenges to a business. The biggest challenge is the requirement to understand that previous company processes will need to change. Businesses, especially successful firms, are naturally apprehensive about change. At Aeromark, however, the decision to implement ISO 27001 throughout the entire scope, and the change that it would bring, was met with positivity.
“Despite having seen reluctance by other software providers to fully manage and minimise risk, we at Aeromark were excited at the idea of becoming certified to the ISO 27001 standards. We wanted our customers to feel assured that their data is protected to internationally accredited standards,” said Roger Marks, MD Aeromark.
Service companies have access to sensitive data for millions of people, and a data breach makes them all potential victims of identity theft. It is important that this data is protected from risk. The map prepared by Norse below shows real-time attacks happening across the world.
The realisation that many other service management software providers only had accredited data centres, while the rest of their business was left lacking, encouraged Aeromark to set out to ensure that every aspect of the business conformed and was certified to ISO 27001 standards.
We are producing a series of blogs showing the steps and the dedicated journey taken towards ISO 27001.