What is ISO 27001 accreditation?
ISO 27001 is an international gold standard for information security. Being ISO 27001 certified means that an organisation has been independently verified to follow best practices for managing the security of information.
This involves:
- Establishing an Information Security Management System (ISMS): Implementing a detailed and systematic approach to managing sensitive company information so that it remains secure. This includes information related to people, processes, and IT systems, and spans many policies and controls.
- Risk management: Identifying potential risks to information security and implementing measures to address these risks.
- Compliance: Meeting the requirements set out in the ISO 27001 standard, which are designed to ensure that organisations have robust security controls in place.
- Continuous improvement: Regularly reviewing and improving the ISMS to adapt to new threats and changes in the organisation.
Certification is granted by an accredited certification body after a thorough and complex audit process. The certification gives all of our stakeholders confidence that we as a company are fully committed to the security of sensitive data.
What the process was like for Portable
Portable achieved ISO 27001 certification after a rigorous process lasting approximately seven months. This significant accomplishment involved collaboration from various departments across the business, including Technology, IT Services, People & Culture, Business Support and Senior Leadership. The certification process impacted the entire organisation, necessitating robust, company-wide change management to implement new or altered requirements for our employees and their workflows.
We partnered with Drata, a world-leading compliance automation platform, which supported us throughout the journey to certification and continues to assist us in maintaining compliance. The certification involved a complex and thorough multi-step audit conducted by an independent auditor, with annual audits scheduled to ensure ongoing compliance.
What it means for Portable, and for you
Obtaining ISO 27001 certification, an industry best practice standard for information security management processes, has meant that Portable has been through a rigorous review and process improvement phase exploring all aspects of the way we manage information security and data privacy and handle intellectual property.
Portable has invested in the people, processes and technology to protect our data, and that of our clients and prospective employees, and this certification provides an independent, expert assessment that our data is sufficiently protected. The amount of digital information shared, and the complexity of our clients’ governance structures and requirements, is ever rising. We commit to these standards fully, both for our own sake and for our clients and partners.
Trust is dynamic in relationships. Because we work with Drata and are certified, we have an independent site dedicated to the work Portable does behind the scenes to uphold our rigorous security standards. You can visit it at any time.