In this series of blogs we shall be investigating the ISO27001 accreditation.
This first blog in the series will act as an introduction to the certification, whilst in part two we shall be examining the accreditation in more detail.
In our third and final blog we will explain how you can ensure that your organisation is as compliant as possible with the ISO27001 standard even if you have not received this accreditation.
What does it really mean that a hosting provider is ISO27001 accredited?
Finding a hosting provider with an ISO27001 accreditation means that you can feel safe in the knowledge that the organisation is committed to information security at every level.
In order to earn this official recognition, a company has to be exhaustively audited by an independent third party against exacting and detailed standards.
That organisation will have identified ‘information assets’ within a specified ‘scope’ and assessed the risk to each in relation to confidentiality, integrity and availability.
‘Risk’ is scored by assessing the impact of an event occurring against the likelihood that such an event would take place. In order to earn the accreditation, a hosting provider will have employed controls to reduce this risk to an acceptable level.
Can my organisation be ISO27001 accredited by association?
If your hosting provider is ISO27001 accredited, this unfortunately does not mean that you are also accredited by association. However, any services exclusively managed on your behalf by the provider are operated in compliance with the ISO27001 standard.
The areas not compliant with the ISO27001 standard are those actions and procedures conducted independently by your organisation.
Are all ISO27001 accredited providers equally qualified?
It is important to understand that not all ISO27001 accredited providers are equally qualified.
There are a number of accreditation details which are important to bear in mind:
- Is an organisation accredited / registered?
- If they are a UK-based organisation, is the accreditation UKAS approved?
- Can you independently verify the ISO accreditation via the independent auditors using the unique certificate number?
- What is the ‘scope of activities’ included within the organisation's accreditation?
In parts two and three of this series of blogs we shall look at each of these aspects in more detail.