Achieving the 'Gold Standard' in information security

Waterstons have recently been awarded ISO27001:2013 certification in recognition of their robust information security practices.

The company achieved accreditation with no major or minor non-conformities and only one ‘observation’, which validates that their approach to managing and protecting data is directly aligned with information security best practice.

Stew Hogg, senior consultant at Waterstons, who led their ISO27001 initiative, said:

“We were delighted to achieve what's recognised as the 'Gold Standard' in information security. As a business and IT consultancy we regularly advise organisations on the risks posed to their businesses around information security and help them to devise and implement strategies to reduce and manage those risks appropriately. It was important to us to practise what we preach!

“ISO27001 was often thought of as something larger organisations needed to worry about. However, with every business’ mounting dependence on technology to succeed and the increasing volume and sophistication of cyber-attacks, it’s important that all companies take information security seriously to protect their business and that of their customers.”

Organisations certified as ISO 27001:2013 compliant must be independently audited every year to validate their adherence to the standard. The standard ensures that 114 “controls” designed to reduce data security risk are reviewed and implemented across the organisation. These include factors such as staff reference checks, physical perimeter security, network security, supplier management, critical data encryption, business continuity planning and incident management procedures.

Susan Bell, CEO of Waterstons, comments:

"We take pride in being our customer's trusted partner. Protecting our organisation's information and that of the clients we work with is of paramount importance to us. This achievement is recognition for the already well-established information security culture we've developed here at Waterstons. Not every company needs to go down the ISO27001 route; there are other frameworks that can be tailored to suit an organisation's needs. However, our accreditation with this 'gold' standard gives our customers confidence that whatever security needs they have, they can rest assured that the advice we provide is in line with the latest thinking."