Don’t believe the hype! Lip service with the ISO 27001 standard
As an employee who has the privilege of representing SD Worx to an awful lot of prospective clients, I get to hear what’s important to the market straight from key decision makers.
ISO 27001, and data security in general, is one of the hottest topics in our market space.
GDPR. If you don’t know what ISO 27001 is (and you really should), it’s a specification for an information security management system. If you don’t know what GDPR is, then read this great article.
I’m not here to give you a breakdown of ISO 27001, or even tell you that much about GDPR. I’m going to give you a brief summary of the common terms you may hear an organisation boast about ISO 27001, and what they actually mean.
ISO 27001... what’s that?
This should be a warning sign to any company that takes data security seriously. With GDPR less than 6 months away, this lazy approach to data security just doesn’t cut the mustard anymore.
We’re working on it!
Broadly speaking, this means nothing! When someone says they’re working to the standard, that’s great... but it still means they don’t have it. One of the reasons organisations aspire to have ISO 27001 is because of the credibility and security that badge brings. Worried about GDPR fines? Partnering with someone who has ISO 27001 is a lot different to someone who’s ‘working towards it’. The size of fine a regulator gives will be affected by how seriously the offender has taken data security.
We sort of have it...
A rather sneaky tactic is to proudly display the ISO 27001 badge as if the whole organisation has it. But, in reality, it may only cover a proportion of the organisation, or a particular business unit. Like buying a car, you need to know that the MOT and service were carried out on the whole car, not just the chassis.
Well why don’t you have it?
There’s no getting away from it either: it’s a tough thing to get. It took SD Worx over 18 months to achieve the certification. It has taken a lot of collaboration and hard work too, with over 100 colleagues all doing their bit to achieve the standard required. In our world, that might not be seen as good an investment as, say, UI or functionality, but I think that’s going to change!
Don’t forget to take security and GDPR ever so seriously. More importantly, don’t be afraid to press providers for their actual credentials. We’re all going to be players in the post-Brexit world soon, and data security is only going to become more and more of a topic.
There’s a huge difference between thorough work and lip service.