Jo Sanchez, Chief Operational Officer, highlights the importance of keeping client data secure in order to provide their promised high quality of service. Sondrel needed a solution to illustrate they take their client’s sensitive information seriously.
“Any information concerning the design of a client’s new product is highly confidential and subject to Non-Disclosure Agreements. Sondrel has to handle customer data in a secure and confidential way.”
Sondrel strives to demonstrate their commitment to site physical data security including risk management for their international existing and prospective clients. Joe and her colleagues explored how the Information Security Management Standard, ISO 27001, could benefit the business, projects and employees alike.
“ISO 27001 is an internationally recognised standard – and we were looking to demonstrate we meet best practice to our global customer base.”
With the need to prove data stored at Sondrel is secure, ISO 27001 provided the company with the opportunity to reassure clients that strict procedures are in place and that staff are compliant. Joe commented;
“It is important that our customers know that their data is secure, and that the employees within the company are engaged and aware of the importance of this. Staff often have to abide by specific physical and data security requirements specified by the customer – so 27001 is an added reassurance.”
The start of the certification process begins with an initial Stage 1 audit by a BAB assessor. A Gap Analysis is included so organisations come away knowing exactly what is needed in order to achieve successful certification. While the idea of an audit can be daunting, the reality is many businesses are doing plenty of good things already, it’s just that processes aren’t formalised. Joe commented on the audit experience;
“We were walked through the ISO process at a pace that suited us and, with the help of the auditor, the whole process ran smoothly!”
By implementing ISO 27001, Sondrel had the opportunity to benchmark their existing procedures and involve their staff. Implementation increased understanding of the importance of data security, resulting in improved internal communication and client satisfaction. Joe explained;
“The process of bringing together all the relevant procedures has involved all employees engaging with this subject, whilst re-enforcing the importance of ensuring our customers are receiving the best possible service.”
For Sondrel’s clients, ISO 27001 promises the company is committed to keeping client’s data secure and having procedures in place to solve issues that may arise. Sondrel join the likes of Xerox in providing assurance to their clients that data is safe in their hands, thanks to help from ISO 27001. Joe rounded up with how ISO 27001 compliments the business ethos;
“We are always looking to highlight to customers that we are a professional consultancy, following best practice and monitoring our physical security and data on an on-going basis. As a result [of ISO 27001:2013] we have systematically audited our processes and procedures.”