The Software Bureau is pleased to announce the achievement of 27001:2013 certification, the globally recognised standard of information security.
The specialist inspection, audit and certification firm SGS were chosen to conduct the certification process due to their reputation for providing the most thorough and stringent audit process, which far exceeds the minimum requirements for certification. SGS is one of a small number of assessors accredited by the sole national accreditation body, the United Kingdom Accreditation Service (UKAS). Being accredited by UKAS demonstrates SGS’s commitment to hold organisations such as The Software Bureau to not only the minimum UK standards, but to internationally agreed standards too. Clients can take confidence that The Software Bureau’s 27001 credentials are industry leading.
“Information security has always been front and centre of The Software Bureau so when we decided to pursue external certification, we felt SGS were the firm who could help us make genuine improvements to our processes and thinking. With our certification we haven’t just gained the 27001 badge, we really have improved our business and what we offer clients.”
Martin Rides, Managing Director – The Software Bureau
As most reading this will know, 27001 takes a top-down approach to the management of risks associated with information held by the organisation. An expansive audit process is conducted where every possible source of risk is considered, from who enters The Software Bureau offices and how, to which suppliers The Software Bureau work with and the infrastructure choices we make. Processes also come under the microscope, with 27001 ensuring that minuted board-level meetings feature information security risks and that processes for communications with clients and, of course, the storage and management of data are aligned with best industry practices.
Another important theme of 27001 is continuous improvement. Although The Software Bureau’s certificate of compliance is valid for 3 years, it does require the business to undertake annual audits. These audits require the business not only to demonstrate conformity to the processes put in place prior to certification but also to show progression and to evidence how further measures have been taken to minimise information security risks. The theme of continuous improvement serves to ensure The Software Bureau Directors, Managers and Staff remain vigilant both to emerging risks and to opportunities for demonstrable improvement to data management processes.
Now that The Software Bureau provide data management software both on-premise and in the cloud, it is more important than ever that our data security credentials are externally proven. In addition to ISO 27001, The Software Bureau also recently initiated and passed an NCC audit to further validate the information security standard of SwiftCore, the first-of-its-kind online data hygiene platform.
Organisations using Cygnus on their desktop, Swift Suite in an automation environment or integrating the SwiftCore data hygiene platform directly into customer databases can now provide evidence of the high standards of information security and data governance held at The Software Bureau.
“It has been an incredibly valuable exercise which has provoked a detailed evaluation of every aspect of the business in relation to data and security. As a company providing data software it is particularly important that we hold ourselves to the highest of standards for data security and our approach to 27001 provides some external validation of exactly that.”
Bob Sheridan, Head of Compliance – The Software Bureau