The long and winding road to certification

What is information security?
Information is an asset which has value to an organisation and needs to be suitably protected. Information assets can be electronically stored, printed or written, transmitted by post or by electronic means, or spoken in conversation. Whatever the form or medium in which it is shared or stored, it should always be protected.

Organisations are now commonly asked by their business partners to provide clear statements about their information security arrangements. Infohrm has its fair share of these requests – understandably so, as we need to be accountable for our actions. Working to an existing international standard such as ISO 27001 is one of the best means to achieve a comprehensive and thorough system that will satisfy auditors and business partners.

How do you get certification?
Certification is achieved through a process of external audit.  As with any external certification, regular checking and re-certification audits are required to maintain the certification.

What is compliance?

Any company can produce a statement of compliance with ISO 27001. An interesting point is that the implementation and maintenance of a compliant system requires much of the same effort as achieving certification.

Aren’t you already practising good security?

Yes we are! But is it enough? An auditor is interested in the proof that we practise solid information security. It is about being able to show evidence that our processes and systems are in place so that we can be truly accountable.

How will it help the business?

Businesses that hold industry-recognised certifications are on the front foot in the eyes of their business partners. As Infohrm is custodian of our Members' HR information, we protect and manage their information within the defined framework of an Information Security Management System. Preparing for and achieving ISO 27001 certification demonstrates that we take Information Security seriously.

Infohrm’s Information Security Manager and members of the Security Forum work relentlessly to ensure that Infohrm is in the best possible position to achieve and maintain certification.
