So, what is ISO 27001?
The International Organization for Standardization (ISO) is an independent organization that sets the global standards in areas such as security, safety, and quality. As the name suggests, its goal is to define standards for best practice that can be implemented, irrespective of an organization’s size, type, or location.
ISO 27001 is the international standard for Information Security Management. It requires a company to have a comprehensive Information Security Management System (ISMS), including the processes, procedures, and controls needed to identify and address risks to information security.
What does being certified to ISO 27001 mean?
It means that dotdigital has built an ISMS that complies with the ISO 27001 standard, and that all components of the system have been independently audited by a UKAS-accredited certification body – Alcumus ISOQAR.
Certification lasts three years; however, it requires annual surveillance audits to be conducted to ensure the ISMS continues to work effectively and drives continuous improvement to dotdigital’s security program.
What does this mean for dotdigital customers?
For a number of years we’ve published information on our security program in our Trust Centre. Achieving ISO 27001 accredited certification was the next step in our trust and transparency program. It demonstrates that we understand how important data is, the risks associated with it, and how critical it is that it is protected. What’s more, certification provides evidence that the methods we have put in place to identify and mitigate information security risks comply with an internationally recognized standard, and that they have been independently verified. We continue to invest in information security as a business and we recognize our huge part to play in securing our customers’ most valuable assets: their data.
Online validation of our certificate can be found by searching for cert number 18479 on the Alcumus ISOQAR website here.
We are also Cyber Essentials Plus certified. Verification of that can be found by searching for dotdigital on the National Cyber Security Centre website here.