ISO 27001 Information Security – don’t risk getting left behind!
Of all the risks facing businesses, information security is perhaps the one with the greatest potential for damage: the loss of valuable and private customer data, the knock-on reputational impact and the loss of trust.
As systems become ever more complex and hackers ever more sophisticated, keeping control of your information and ensuring it is secure should be a top priority that exercises the minds of all your employees from operations all the way to the board.
The pace of change in how we collect and deal with information has also been exercising the minds of the people who set the ISO standards and the key standard around this – ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection – was updated last October.
Businesses that have been certified to the previous standard (dating back to 2013) now have two years to recertify to the new standard or lose their certification altogether. Given the huge advantages and peace of mind the standard offers, it would be wise to schedule in recertification well before the 31st October 2025 deadline.
At ISO QA, we have been working with new clients on the updated standard and there are a number of important features worth highlighting. These include the revision of information security controls and the inclusion of new ones such as threat intelligence, use of cloud services, physical security monitoring, endpoint devices, data masking and data leakage prevention.
In general, the controls have been updated to fit better with current threats and technology, increasing resilience to cyber-attacks and evolving security risks whilst not forgetting that paper-based data also needs to be protected.
Big names reported to have suffered data breaches this year include Twitter (now known as X), the UK Electoral Commission, the University of Manchester and Capita, which provides payroll services to public sector services. Two UK police forces were also believed to have been affected by a data breach at a supplier that produces ID cards for officers.
One recent report on SMEs suggested that almost half of those surveyed had suffered from some kind of cyber incident in the past year, with several respondents suffering more than once. For SMEs, the challenge is frequently balancing the cost of cyber-security measures and improved software against the benefits – and also understanding what risks they are facing in the first place, especially in the post-COVID world of remote working and greater reliance on the cloud.
At ISO we have helped clients large and small – and across many sectors – to get to grips with vulnerabilities, and to protect the integrity, confidentiality and availability of data within their organisations. If you would like to talk to us about your information security needs, please get in touch today.
Call 0330 043 5101
ISO QA Isle of Man Limited
Design House (18B)
Isle of Man