In May, internet giants Google achieved certification to the ISO 27001 information security standard for their Google Apps for Business department. Whilst more and more businesses are taking to the ‘cloud’ via Google’s various Apps, there is still underlying worry amongst many when it comes to the security implications of entrusting information to an external provider. However, the shift to the cloud shows businesses realise that only the likes of Google can invest in security at a scale that would be difficult for many to achieve on their own. Nevertheless, Google chose to demonstrate how seriously they take information security by opting for the internationally recognised ISO 27001.
In order to have achieved certification from an independent Certification Body, Google would have been checked for a risk of information security threats, the potential impacts, and the controls in place. Their management system would have been assessed to ensure it is robust for any future requirements.
Google’s certification audit took 6 months and the certification covers its technology, data centres, processes and systems used for cloud computing service applications. Thanks to ISO 27001, Google is optimistic that it can draw large financial institutions as well as the public sector into using its services such as Gmail, Docs and others.
When it comes to more regular users, Google can not only appease current ones, but it can attract those sitting on the fence when it comes to cloud computing. This even applies to their free Gmail service, Google claiming it benefits from the core technology layer overlap. With internet technology moving so quickly, Google has managed to show that they are forward-thinking, which can only help their reputation when being judged against well established competition.
You don’t need to be a huge organisation to benefit from ISO 27001, however. Like all of the International Organization for Standardization’s (ISO) management standards, it is applicable to organisations of any size or sector. It is therefore relevant to any business that holds important information, especially concerning their customers. The standard adds both protection and trust, and thanks to its internationally recognised status, is being required more and more within Pre Qualification Questionnaires (PQQs) for tenders. With business being harder to win in the current climate, ISO 27001 could prove the key to open new doors, as well as the tool to improve how your organisation manages security.