Lifting the lid on the pitfalls of Information Security Management


You wouldn’t buy insurance that doesn’t cover the assets you want to protect - so why use a supplier whose data security scope doesn’t cover the services you’re paying for?

Any system or process is only as good as its weakest link, and there are some important clues to look for when selecting a technology partner - because things may not be all that they seem.

ISO27001 is part of a family of standards that ensures and verifies best practice for information security management systems (ISMS). It’s a systematic approach of process, technology and people that protects and manages an organisation’s information.

It’s often promoted as a key selling point, and purchasers are advised to check that suppliers are externally certified as compliant, rather than merely stating compliance with the standard.

The scope of certification is also crucial. Suppliers will happily confirm their ISO27001 certification, but their ‘Scope of Applicability’ (SOA) may not always cover the services you’re buying.

So, whilst on the surface a supplier may highlight that they have the accreditation, the actual service you’re buying may not be covered, and if something goes wrong, you could be liable under local and EU GDPR legislation - as both the controllers and the processors of the data are held accountable.

For example, if you’re buying a cloud service and the scope only covers the partner’s data centre operations, then the service you’re buying probably isn’t covered.

This might seem a little ‘picky’, but cybercrime is reaching epidemic proportions. Information security and the need for protection has never been so important!

Making sure everything is watertight means that, in the event of a data breach, you’ll have auditable proof that due diligence was carried out as part of your selection process, and that best practice has been, and continues to be, followed through annual assessments.

External certification means that a supplier has been audited by a professionally approved body. In 2018, Sure’s ISO27001 processes were re-assessed and certified across ALL technologies and support functions by the British Standards Institute (BSI), who operate in 182 countries and across 128,000 sites.

When you trust your data to Sure by working with us, our technical, legal and physical accreditations ensure the security of your information across all our services, giving you total peace of mind that you are getting the best in security management.
