W2 is proud to announce that – after a lot of hard work from all areas of the business – we are officially certified to the ISO 27001:2013 Information Security standard.
Over recent years, our clients have become accustomed to regular briefings on our ongoing GDPR, Information Security and Cyber-Security program, so the granting of the ISO 27001:2013 certification will not come as a surprise to them.
Having successfully undertaken a number of external audits and reviews in recent years – driven by both partners and clients alike – we were confident that the majority of the foundational pieces were already in place and had been for some time now.
With the W2 website now boasting the ISO badge, we shared some tips in a previous blog post, ‘Preparing For The Stage 2 ISO 27001 Audit’, on how we in particular readied ourselves for ISO success.
With the auditor’s report, recommendation of certification as well as the in-depth technical results of the assessment all now in our possession, the blog post highlighted the extensive and thorough preparation undertaken by the team that positioned us well for such a positive outcome.
In the words of Benjamin Franklin, “By failing to prepare, you are preparing to fail.”
The size and complexity of your own business will dictate how many days the ISO 27001:2013 audit will last. For W2, it took 18 months of particularly hard work to get us ready for the audit process, which culminated in a week-long exercise.
Demonstrating our commitment to the ISO standard, we opened and closed the week with a meeting between the W2 Senior Management Team (SMT) and the ISO Auditor. That commitment runs from top to bottom within our business: all applicable areas of the Annex A controls, as well as all mandatory sections, were fully assessed.
We know that the hard work doesn’t stop here.
Continuous improvement is now the name of the game.
Through internal audits, policy reviews and risk assessment reviews, we constantly strive to be better at everything we do.