Organisations of all shapes and sizes continue to grow, to evolve, and to move into new markets. With this comes a need to meet criteria and legislation that may not have been planned for initially. This is especially the case when it comes to information technology and the security of data produced, modified and used by the wide variety of devices that any modern company relies on.
Cyber security, in its various guises, has been garnering increasing attention over the last few years as many high profile organisations have suffered major breaches. This has brought into focus, for many, the need to not only protect data, but to have in place processes and procedures that can be audited and reviewed.
With collaboration across all industries becoming more and more data dependent, an organisation is well within its rights to ask any member of its supply chain for documented proof of how it will ensure the security and integrity of that data. But what is that proof? What can a company do to prove that it has taken steps to secure its own data and any data provided to it by a trusted third party?
For years the International Organisation for Standardisation (ISO) has been helping organisations all over the world make excellence a standard, enabling them to perform better through the use of standardised frameworks for organisational process management. An organisation that adopts and implements an ISO standard, and obtains certification against it, shows its customers, suppliers and competitors that it believes in best practice and will ensure that best practice is part of its ethos and future development.
The benefit of using a standard, according to the ISO website, is “To ensure that products and services are safe, reliable and of good quality. For business, they are strategic tools that reduce costs by minimizing waste and errors and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade.”
The standards ISO provides cover all aspects of process, including quality assurance, energy management, continuity, health and safety, and many more. This now also includes information security, through the well-known ISO 27001 standard.
Relatively recently we have seen the emergence of Cyber Essentials, the government-backed, industry-supported scheme that encourages organisations large and small to adopt good basic practice in information security. It is a standard that is becoming mandatory for doing business with many public and private sector organisations. So which is the right fit for a company? Is Cyber Essentials too basic and prescriptive? Is ISO 27001 too complex? Do these two sets of guidelines compete with or complement one another?
Over the forthcoming 12 weeks ISO Quality Services Ltd and the National Cyber Skills Centre will dispel many myths, provide clarity and help companies get started on their preparations for securing their data, protecting their futures and those of their customers and suppliers.
The 12 weeks are to be split into three overarching topics, each one discussed in four separate articles. The first topic is on-boarding: getting started, and what you need to do to approach the issues of information security. That will be followed by a collection of articles explaining how to obtain the certifications that demonstrate compliance with the frameworks delivering organisational Cyber Safe Cultures. Then in the final four weeks the topic of ongoing maintenance and governance will be covered. At the end of each topic we will collectively provide a Q&A on what has been suggested, all with the aim of helping you, your organisation, your suppliers and customers, and your employees manage data in an effective, secure and transparent way, minimise the risk of a catastrophic incident, and develop a response plan should the worst case manifest.
The loss to businesses from data breaches and cyber-crime now runs into the billions of pounds. Organisations cannot sustain such losses. Coupled with these financial losses is the erosion of confidence and reputation an organisation will face in the event of a major cyber-related incident. And if that were not enough, breaching the Data Protection Act and other legislation surrounding data use can result in heavy fines. The answer to this is good governance and security, both of which can be found at the heart of Cyber Essentials and ISO 27001.
The National Cyber Skills Centre and ISO Quality Services Limited are collaborating on a 12-week series of articles, made available free on their respective websites, to raise awareness among SMEs of how the adoption of, and adherence to, a recognised industry or international standard provides the levels of information security and governance expected in today's business world.