We are thrilled to share that, following our first year as an ISO 27001:2013 accredited company, we underwent our first audit and received 36 passes and 0 advisories or warnings. You can’t pass with higher marks than that!
What is ISO 27001:2013?
This standard is jointly created by the International Organization for Standardization and the International Electrotechnical Commission. It details the requirements for establishing, executing, upholding and refining an information security management system (ISMS) within the framework of the organization. Additional requirements cover the evaluation and handling of information security risks.
Check out their page for more information: https://www.iso.org/isoiec-27001-information-security.html
How we implemented ISO 27001:2013 in Ballard Chalmers
We originally qualified for ISO 27001 in Feb 2020 after an initial consultation at the end of 2019 and an external audit in Feb 2020.
There were a number of improvements that we needed to carry out during 2020 to fully embed the ISO 27001 processes into our organisation, and we implemented all of these during the year. We carried out periodic management reviews of our progress during the year, made all improvements and undertook a full internal audit covering all our processes in Jan 2021.
The following external audit was carried out in Feb 2021 and confirmed that we did a good job throughout the year in our implementations and improvements, and we are very happy to achieve these results.
How ISO 27001:2013 Audits Work
An Audit is carried out in line with the QMS External Audit Programme against the Management System processes and procedures documented by the Organisation, based on the requirements of the Standard.
This is done to confirm that the requirements of the management system standard are effectively addressed by the Organisation’s Management System in accordance with the Audit Criteria. It also confirms the ability of the Management System to ensure that the Organisation meets applicable statutory, regulatory and contractual requirements and meets its specified objectives. Finally, it identifies areas for potential improvement of the Management System.