ISO/IEC 27001:2013 is an internationally respected standard focused on information security. It is the best-known standard in the family, and requires organisations to create, and adhere to, best practices for an information security management system (ISMS). Companies may choose to implement an ISMS and benefit from its best practice or, as Coderus did, have their efforts certified too.
Coderus’ own certification efforts centred on developing robust processes and controls to formalise its ISMS, which is already benefitting the company. The benefits include robust operations and process control, underpinned by clear roles, responsibilities and competence, a framework for change management, systems security and access controls, and supplier management.
Andy Mills of Applied Risk Management Ltd said: “Coderus was already well versed in the benefits of becoming an ISO certified company, having gained the ISO 9001:2015 certification in 2016. They had a great management framework; I wanted to emphasise that it’s about doing what you do every day, but doing it more wisely.”
Mark Thomas, MD of Coderus said: “I’m really pleased to add ISO/IEC 27001 to Coderus’ accreditations. As a business, continual improvement is a core value and this is reaffirmed in our efforts.”
Michelle Blake, Compliance Manager, continues: “We strongly believe that demonstrating good security practices isn’t just a box-ticking exercise – it allows us to implement robust processes and controls to protect our business against threats, such as data theft, data leaks and cyber attacks.”
“Just as importantly, it allows us to run a business in a well-governed and efficient manner, aligning us for example with GDPR regulation. Thanks to the previous work with the ISO 9001 quality management system, we were in good shape for this certification and we look forward to building on yet another milestone for Coderus.”