Collecting data is what we do! Enabling employees to donate via payroll giving to charities they care about is what we are all about.
We first became accredited in 2019, as we found that the large organisations we work with require proof that data security comes first. Becoming accredited can seem overwhelming at first, as the process can really drain time and resources from your team, but we knew it would be worth it and persevered. We worked closely with our IT supplier https://heliocentrix.co.uk/ as their knowledge and experience were invaluable; if you’re thinking of becoming accredited, find another organisation that has had experience to buddy up with. I often describe it as learning a new language, and the best way to do that is to immerse yourself in it by talking in the ‘ISO way’ all the time.
Using ISO27001 as our information security management system enables us to make sure we are reviewing systems, policies, and access rights when we need to; it adds the structure to all those good intentions. There is more information on the standard itself here: https://www.iso.org/isoiec-27001-information-security.html
Part of our role in supporting UK employers to deliver payroll giving is completing endless data assessments or third-party assurance forms, and without our statement of applicability and the referencing that ISO27001 brings, they would take so much longer.
Charities also need to know that those who represent them and work on their behalf to promote payroll giving are taking data security seriously, and I believe that being ISO27001:2013 accredited proves just that.
What I love most about the standard is that it makes you continually review and evolve, driving us forward to improve and ultimately that is delivering a more secure, innovative service to those that need us.
Quote from Helen Von Trotsenburg, Joint CEO, StC Payroll Giving:
“Our company collects and manages a large quantity of data and whilst we felt that we were doing a great job and that our systems were complete, it wasn’t until we began our journey to attain the ISO27001:13 accreditation, that we realised that we had a long way to go.
Whilst the initial preparation was lengthy, now that it is in place and integral to the way we think about our systems and protocols, it has become a way of life for us.
That is not the only benefit, however; our clients, both from the Charity and Corporate worlds, know that we have a sound management system in place which is audited annually and can be suitably comforted by this.
So, in a nutshell, it provides assurance both internally and externally that we are a robust company with excellent system management.”