Centre for Assessment helps My Wealth Cloud, an online file sharing solution, boost their data security with ISO 27001.
Nearly a year on from achieving the Information Management Standard ISO 27001 certification, there’s still a buzz around the office of Buckinghamshire-based My Wealth Cloud (MWC).
Founded in 2011, the company works with a range of wealth management practices and provides a secure cloud-based storage and sharing platform that enables collaboration and communication between businesses, clients and other key stakeholders.
“I've seen ISO 27001 grow from being seen as a ‘bit of an inconvenience’ by our staff, to something that is now incredibly well-resourced and discussed at board level,” explains the company’s development manager Leigh Gordine.
“The teams have really taken on board why we are doing it, and see why it's a benefit to the business, not just commercially but also from an ethical and moral standpoint.”
ISO 27001 certification offers proof that an organisation’s information security management system meets international standards. It also provides a framework to ensure that it is continually maintained and improved, to keep pace with new threats and risks.
“We are always looking to make sure that we have the most appropriate security and privacy controls in place,” says Gordine. “ISO 27001 sets a really good foundation by taking care of the technological and process-driven aspects of governance within the business.”
While it’s not obligatory, he continues: “Managing data and personal information securely is at the core of our business and many of our clients require that we have carried out the necessary due diligence checks on our own suppliers.
“The standard offers a quick and easy way of giving them the assurance they need. It shows that we take this seriously and that we have a process and a control framework in place that ensures we are continually looking to improve things.”
Working with Centre for Assessment, the company passed its accreditation last October. “What was great about our assessor’s approach was that rather than just sticking to a formulaic template and box-ticking exercise, he took the time to understand how the business operates,” continues Gordine.
He believes the award has brought a new clarity to the way they work. “We know that if we hit a problem, it’s going to be instantly flagged up,” he says.
“We’re also seeing potential problems before they get a chance to escalate, and we’re able to deal with them in a systematic, regulated and monitored way.”
The advent of GDPR has put even more scrutiny on the business and its suppliers, and ISO 27001 has ensured that their reviewing processes are also more robust. “We have a new due diligence questionnaire which leaves our suppliers in no doubt as to the standards we expect of them,” he says.
Centre for Assessment’s certification manager Helen Taft adds: “We also work with businesses in several other sectors, including law, finance, healthcare and recruitment around ISO 27001, and of course with the advent of GDPR, the whole issue of handling personal data is more pertinent than ever before.”