We are delighted to share the results of our first ISO 27001 annual audit … an unqualified pass!
What is ISO 27001?
ISO 27001 is the internationally recognised highest standard for information security management systems (ISMS), published by the International Organization for Standardization (ISO), in partnership with the International Electrotechnical Commission (IEC).
ISO 27001 is designed to protect the confidentiality, integrity, and availability of information.
For more information see our earlier post.
What does an audit involve?
An audit involves a full analysis of a selection of operating processes and documentation against the requirements of the ISO 27001:2013 Standard.
This is conducted by an external body and is in addition to regularly conducted internal audits.
Combined, these ensure that the processes and systems we have in place are robust and allow for continual improvement.
How we continue to improve processes
We first obtained the ISO 27001 certification in March 2020.
Leading up to and after the initial audit, there were a number of ISO 27001 principles we needed to embed further into our processes.
Although this is a continuing cycle of audit and improvement, the results of the external audit conducted in March 2021, reflect the improvements we have implemented in the last 12 months.
We are very proud to have achieved an unqualified Grade 1 pass with zero non-conformances.