More organisations demand business partners meet international information security standards, says SGS
As the security of vital business information becomes more critical – and more difficult to maintain – increasing numbers of organisations are demanding that their suppliers and business partners meet international standards on information security management.
“The threat of deliberate theft of information is increasing, so it is essential that the same security standards are maintained throughout the whole business process,” says Richard Skipsey, Global Product Manager - ISO 27001 and ISO 22301 at SGS, the world’s leading inspection, verification, certification, testing and training organisation.
“This includes all information that is valuable to an organisation, including everything from research and design prototypes to forecasts and negotiating positions. It is also important to note that this is not limited to online activity, and includes paper records, images and even conversations.”
SGS United Kingdom Ltd has just been accredited by UKAS (the United Kingdom Accreditation Service) to assess organisations against ISO/IEC 27001:2013, the new edition of the international standard for Information Security Management Systems (ISMS). It replaces the 2005 edition and reflects how threats have changed since that version was published.
“It is still a distinct competitive advantage to be certificated to an ISMS standard and, in fact, many larger companies and government departments insist on it for suppliers. This requirement then cascades down to even small and medium firms who work with those suppliers,” explains Skipsey.
Even for companies or organisations that do not need ISO 27001:2013 to make a tender list, undergoing assessment by a respected, independent and accredited body such as SGS reduces risk: it helps them confirm that their own processes and procedures are good enough to protect the information that is vital to their business.
“It is not just about thieves deliberately targeting online data. Information can be accidentally shared when laptops or documents are left on a train, or sensitive information in documents is captured via cameras with zoom lenses. Therefore it is essential to build a culture of information security throughout the business. Preparing for an assessment for ISO 27001:2013 is one way to ensure this happens.”
SGS has registered organisations to ISO 27001 in sectors as diverse as storage and distribution, data centre operations, protection of client information, secure destruction, financial outsourcing, telecommunications, and software development.
The updated 2013 edition follows the common high-level structure that ISO now uses for its management system standards (Annex SL), making it easier to integrate an ISMS with other management systems such as quality or business continuity. Its Annex A control set has also been reorganised, and cryptography and security in supplier relationships now each have a dedicated group of control objectives.
SGS is the world’s leading inspection, verification, testing and certification company. SGS is recognised as the global benchmark for quality and integrity. With more than 80,000 employees, SGS operates a network of over 1,650 offices and laboratories around the world.