Circle is actively engaged with a leading information risk management consultancy on the process of ISO 27001 accreditation.
We provide consultancy, implementation and management of digital information systems and services and are committed to the protection of information owned by us or processed by us.
We deal with sites and databases that handle a wide range of sensitive and confidential data, so security, confidentiality and data protection are at the heart of our thinking. We already maintain strong security procedures around access to all our servers and data, but wanted to focus, document and regularly review these procedures.
By implementing measures to robustly protect information using ISO 27001 methodologies, we are able to defend ourselves not only from technology-based risks but also from other, more common threats, such as poorly informed staff or inadequate procedures.
What is ISO 27001?
An international, certifiable standard that encompasses three essential aspects of a comprehensive information security regime:
- people
- processes
- technology
What have we been doing?
As part of the accreditation process we identified and documented potential problems that could happen (risk assessment), and then applied appropriate safeguards to try to stop these incidents (risk treatment).
We have designed and implemented an Information Security Management System (ISMS) - a set of policies and procedures for systematically managing Circle's sensitive data. The goal of our ISMS is to minimise risk and ensure business continuity by pro-actively limiting the impact of a security breach.
We ensure, amongst other things, that systems are secure by design, strong passwords are in use by all our users, and all network traffic takes place over SSL. We only use UK hosting with extremely high physical data-centre security, and some of our servers are PCI scanned to ensure compliance with e-commerce standards.
We are currently going through the first round of audits at the end of 2017 leading to accreditation in Q1 > Q2 2018.
For more information on how we are going to use our ISO 27001 accreditation to help your organisation with GDPR, email us or fill in our online contact form.