Lifting the lid on the pitfalls of Information Security Management

You wouldn’t buy insurance that doesn’t cover the assets you want to protect - so why use a supplier whose data security scope doesn’t cover the services you’re paying for?

Any system or process is only as good as its weakest link, and there are some important clues to look for when selecting a technology partner - because things may not be all that they seem.

ISO27001 is part of a family of standards that ensures and verifies best practice for information security management systems (ISMS). It’s a systematic approach of process, technology and people that protects and manages an organisation’s information.

It’s often promoted as a key selling point, and purchasers are advised to check that suppliers are externally certified as compliant, rather than merely stating compliance with the standard.

The scope of certification is also crucial. Suppliers will happily confirm their ISO27001 certification, but their ‘Scope of Applicability’ (SOA) may not always cover the services you’re buying.

So, whilst on the surface a supplier may highlight that they have the accreditation, the actual service you’re buying may not be covered, and if something goes wrong, you could be liable under local and EU GDPR legislation - as both the controllers and the processors of the data are held accountable.

For example, if you’re buying a cloud service, and the scope only covers the partner’s data centre operations, then the service you’re buying probably isn’t covered.

This might seem a little ‘picky’, but cybercrime is reaching epidemic proportions. Information security and the need for protection has never been so important!

Making sure everything is watertight means that in the event of a data breach, you’ll have auditable proof that due diligence was carried out as part of your selection process, and that best practice has been, and continues to be followed through annual assessments.

External certification means that a supplier has been audited by a professionally approved body. In 2018, Sure’s ISO27001 processes were re-assessed and certified across ALL technologies and support functions by the British Standards Institute (BSI), who operate in 182 countries and across 128,000 sites.

When you trust your data to Sure by working with us, our technical, legal and physical accreditations ensure the security of your information across all our services, giving you total peace of mind that you are getting the best in security management.
