Don’t believe the hype! Lip service with the ISO 27001 standard
As an employee who has the privilege of representing SD Worx to an awful lot of prospective clients, I get to hear what’s important to the market straight from key decision makers.
ISO 27001, and data security in general, is one of the hottest topics in our market space.
Why’s that?
GDPR. If you don’t know what ISO 27001 is (and you really should), it’s a specification for an information security management system. If you don’t know what GDPR is, then read this great article.
I’m not here to give you a breakdown of ISO 27001, or even tell you that much about GDPR. I’m going to give you a brief summary of the common terms you may hear an organisation boast about ISO 27001, and what they actually mean.
ISO 27001... what’s that?
This should be a warning sign to any company that take data security seriously. With GDPR less than 6 months away, this lazy appraoch to data security just doesn’t cut the mustard anymore.
We’re working on it!
Broadly speaking, this means nothing! When someone says they’re working to the standard, that’s great... but it still means they don’t have it. One of the reasons organisations aspire to have ISO 27001 is because of the credibility and security that badge brings. Worried about GDPR fines? Partnering with someone who has ISO 27001 is a lot different to someone who’s ‘working towards it’. The size of fine a regulator gives will be affected by the seriousness with which the offender has placed on data security.
We sort of have it...
A rather sneaky tactic is to proudly display the ISO 27001 badge as if the whole ogranisation has it. But, in reality, it may only be a proportion of the organisation, or a particular business unit. Like buying a car, you need to know that the MOT and service was carried out on the whole car, not just the chasis.
Well why don’t you have it?
There’s no getting away from it either, it’s a tough thing to get. It took SD Worx over 18 months, to achieve the certification. It has taken a lot of collaboration and hard work too with over 100 colleagues all doing their bit to achieve the standard required. In our world, that might not be seen as good as an investment in say UI or functionality, but I think that’s going to change!
In summary...
Don’t forget to take security and GDPR ever so seriously. More importantly, don’t be afraid to press providers for their actual credentials. We’re all going to be players in the post-Brexit world soon, and data secutriy is only going to become more and more of topic.
There’s a huge difference between thorough work and lip service.
Related articles
Payroll Question Time
Join our expert panel, and hundreds of members of the Payroll & HR community, at our monthly interactive webinar.
We break down all the latest changes in legislation and field your burning questions through our live Q&A!
When should local payroll go global?
You’ve got a good relationship with your payroll supplier. They understand you, support you, they’re your hero and your rock at the end of every payment run. But… What if there’s something better out there? What about moving to a global payroll provider?
An exclusive relationship isn’t the only option…
How to prepare for GDPR: the clock is ticking!
With just three months to go until the General Data Protection Regulation (GDPR) comes into force, the clock is ticking for HR and payroll managers to get the systems and processes in place to ensure compliance. The regulation, coming into effect on 25 May 2018, updates data rights for today’s networked world, and organisations ignore it at their peril.