ISO27001 – How it works for us
The big information security standard in a small business.
We are planning for this years ISO27001 re-accreditation right now! We have held the standard for 4 years now and when we look back, we can see how much it has grown and moulded our business today. Our Information Management Representative, Kara and our Managing Director Alice talk here about their journey so far.
How we got ISO27001 off the ground.
When we first implemented the standard we very much focused on the policies and the corresponding forms making sure it all matched up and was appropriate for our business.
Top Tip from Alice – don’t fall into the trap of following generic templates. Make sure it fits the needs and purpose of your business.
Back in 2018 when we were building the standard it was all in a huge folder as a paper format as well as electronically, with the master version under lock and key! You will be glad to hear it’s now just available electronically, we link all the relevant policies to the teams training plans keeping things as streamlined as possible.
Getting Comfortable
It took us quite a while to feel navigate the standard, as we are only a small business, we didn’t have funds to invest in huge amounts of training, so we were self-taught. The lightbulb moment came when we had our first external audit, and we really understood the purpose of the Statement of Applicability.
Top Tip from Kara – Everything starts with the Statement of Applicability, it will help navigate audits, updating policies the SOA helps show you all other aspects of the business that might be affected by those changes. Keep it as your go to document!
What’s next?
The new version of the standard and boy are we excited about it! Yes, we are complete geeks when it comes to compliance! The ISO27001:2022 is an upgrade and revamp of the existing standard with more focus on technical security and cyber security. This is only going to enhance what you already have. We are planning the changes ready for upgrading in spring 2024. There is lots of advice and information here .
Top Tip from Alice – invest in the ISO27002:2022 standard it will help you make the changes.
The standard means that when we deliver Payroll Giving for Employers and Employees around the UK it is done so with a great infrastructure and focus on data security behind it.