Security & Standards
We at Cirrico are committed to maintaining an effective Information Security Management System. With one of our core values being Trust, we aim to ensure that we are continually improving our approach in this area. We do this by methodically analysing any risks to the organisation’s information security, and we have put in place policies and procedures to manage any threats to our data and assets. As part of this, we have implemented the ISO 27001:2013 standard, which gives us and our customers assurance that our daily working processes and controls are secure and in line with industry best practices.
What is ISO?
ISO is the International Organization for Standardization and was created to help businesses manage risks effectively in a way which could be internationally replicated and reviewed. ISO 27001 is centred around managing information security and is part of a group of management standards offered by the International Organization for Standardization. These standards are all verified by an independent Certification Body and are only awarded once an organisation can show that they meet all requirements outlined.
Cirrico was awarded the ISO 27001 standard in June 2017 by the British Assessment Bureau, who are accredited by UKAS, the only Accreditation Body appointed by Government. This accreditation ensures that we are looking after essential data on a daily basis and are continually managing any security risks that may present themselves by being proactive, not reactive.
What are the advantages of gaining certification?
With the ISO 27001 certification we are able to show conclusively that we are always focused on keeping our own and our customers’ information secure. Adhering to this standard also minimises the risk of data security breaches. Data breaches are a much-discussed topic, and there have been many high-profile cases of data mismanagement. With our certification, we are able to demonstrate our operational excellence in this area, as we work consistently to best practices and in accordance with EU legislation, including the General Data Protection Regulation (GDPR).
We have met the standards set out by the NHS DSP framework. Our organisation reference is 8KM08; you can view the publication here. This framework ensures we are able to work with organisations that work with the NHS and demonstrates our commitment to security.