ISO 27001:2017 – How We Keep Our Data Safe
Information security is a hugely important issue in 2020, with the holding and sharing of information being an integral part of society.
At Registry Trust we take information security seriously, especially when dealing with so much personal information. For that reason, we maintain the ISO 27001:2017 Information Security Management System.
We thought it would be a great idea to share our management system with our readers and let you know a little bit more about the standard that we adhere to, and what that means for us as a company.
What is ISO 27001:2017?
ISO 27001:2017 is the international standard that sets out the requirements for an Information Security Management System (ISMS), a framework for managing information security across an organisation. It can be operated alongside any other ISO management-system standard. The name ISO is derived from the Greek word for ‘equal’, reflecting the fact that the standard is the same wherever in the world it is applied and is internationally recognised.
Each year our Information Security Management System (ISMS) is audited by a UKAS-accredited certification body to check that we are conforming to the standard as set out by ISO.
Every three years we undergo a re-certification audit. The certificate it produces is valid for the following three-year period, subject to the yearly surveillance audits by the UKAS-accredited body.
Why is it important?
We process millions of records – 1.6 million in 2019 alone – so ensuring that the information we hold is secure is of the utmost importance to us. Everything we do, from the way we receive files to the way we process judgments, requires each process, supplier and member of staff to give careful consideration to our Information Security Management System.
Having an ISO certificate to reflect that means that everyone who works with us, or uses our services, is aware of the work we put into keeping the information we hold safe.
What does this mean for Registry Trust staff?
We have a dedicated audit team, who are responsible for ensuring that the company continues to conform to the standard.
Our audit team includes two internal auditors, who conduct monthly internal audit reviews using both a clause-based and a process-based approach.
The findings of our internal audits are reported to our management team on a monthly basis and any actions are followed up through a management action log.
All of our staff are aware of their roles under the standard, and all of our business practices are designed with the ISO 27001:2017 standard in mind.
Part of our staff awareness programme is about creating a culture surrounding information security. To do this we are always looking at new ways to engage with staff including developing quizzes, games and workshops.
By engaging with staff in these different ways, we have found that conformity to the standard has increased at every level of the organisation – something we take great pride in.
Our next external audit is scheduled for October 2020. You can view our most recent certificate here.