On Thursday 22nd August, myhrtoolkit achieved the internationally recognised ISO 27001 information security management standard. Our certification follows a three-day external auditing process and demonstrates our dedication to maintaining the most comprehensive data security standards in the design, development, implementation and support of cloud HR software to our customers.
Achieving ISO 27001 certification is a huge accomplishment for us. It was a year’s undertaking and the sense of achievement felt by the company is testament to the commitment and hard work everyone has put into the project.
Amanda Grimstone, Compliance Manager with Jon Curtis, Managing Director
What is ISO 27001?
Controlled by UKAS (United Kingdom Accreditation Service), ISO/IEC 27001:2013 (ISO 27001) focuses on protecting the confidentiality, integrity and availability of the information we hold and requires companies to show a systematic and rigorous approach to managing customer and company information so that it remains secure. We achieve this through an effective Information Security Management System (ISMS). The system involves methods of risk assessment, process management and continual improvement to protect and manage our information.
Why did we go for ISO 27001?
Following the introduction of GDPR in 2018, data security has never been more important. At myhrtoolkit, we deal with 1,000s of customers' data; it’s crucial not only that we collect, handle and store this data securely, but also that we demonstrate our compliance with international standards.
Amanda Grimstone, Compliance Manager at myhrtoolkit said: "Although as a business we already had the foundations and good practices in place, we decided to invest in the ISO 27001 certification to provide additional transparency to our customers and reinforce our commitment to protecting the security of their data."
In order to meet the complexity of the standard, we spent the last twelve months navigating the mountain of documentation and implementing formal procedures across the business. We also went through an extensive training period. This ensured that every member of our team was on board with what we wanted to achieve. Everyone recognised their responsibilities in achieving and maintaining certification.
Jon Curtis, Managing Director at myhrtoolkit said: “We’re thrilled to have achieved ISO 27001 certification and hope that it will provide additional assurance to our customers and prospects that we see data security as a top priority for our business. We are committed to maintaining these standards and will continually identify areas for improvement.”
We’re certified, now what?
Achieving ISO 27001 certification isn’t just about having another shiny certificate on our wall. One of the main principles of the ISO methodology is a focus on continual improvement. So our work doesn’t stop here! We will continuously review and improve the processes we have in place to make sure that our information stays secure. This will remain true no matter how much our business grows, or as new security threats emerge.
In order to maintain certification, we will need to undertake annual assessments. The business will also undergo a re-certification audit every three years to demonstrate our commitment and continual improvements to deliver effectiveness.
If you have any questions about ISO 27001 and what it means for you as a customer, get in touch.