After a thorough accreditation audit, we are pleased to announce that we have achieved ISO 27001 Information Security Certification.
What is ISO 27001 Information Security?
ISO 27001 Information Security is an internationally recognised information security management system, specifically tailored towards managing the risks associated with operating a business in the digital age.
At Second Skin we hold important information about our clients, team members, products, processes and strategy, so our key priority is that this remains secure.
The ISO 27001 standard provides a framework for the development of information security management systems. The standards required us to be audited on our assessment and treatment of information security risks, tailored to the needs of our business.
Why do we need ISO 27001 certification?
As a business we have become more connected with increased information flows and we are now more reliant on this data and information than ever before. We take the sensitivity of this information very seriously, so the adoption of an information security management system is a strategic decision for us as an organisation. It confirms our commitment to managing information appropriately and responsibly.
Certification to ISO 27001 is an endorsement that our information security meets international standards. This means our clients and stakeholders can have confidence that the systems we have in place to protect information are appropriate, effective and have been audited regularly.
What was involved in the accreditation process?
Gaining ISO 27001 certification was a three-stage process conducted over several months, which included:
A stage one audit where the assessors focused on learning about our systems and benchmarking them to the nominated standards. Following this stage, we were issued with a report and full briefing so we could address the issues that the standards require.
A second stage audit was then conducted where the focus was on how well we had implemented our processes. This was to ensure our systems were being followed, our teams understood what was expected of them and that we were achieving our objectives. It also included an assessment that our risk was being managed appropriately and the needs of our clients and stakeholders were being met. The assessors were more hands-on at this stage, spending time with our teams and assessing the work being undertaken.
Following these audits, a recommendation for certification was lodged and reviewed and the decision was made to grant us certification.
We are all delighted that we were successful in this comprehensive certification process. It will ensure we have the processes in place to give our clients and other stakeholders the confidence that our information security risks are known and adequately managed.