We are proud to announce that for the second year in a row we achieved the internationally recognised ISO/IEC 27001 certification.
This accomplishment was a natural and crucial step for us as a business trusted by the world’s biggest brands in media and sports to power real-time engagement as a way of creating and deepening their relationship with audiences and fans.
We have always considered ourselves to be very security-aware as a business and to be both knowledgeable and well informed about information security risks. Recently we have seen many of our customers take a more formal approach to information security, many of them adopting the ISO 27001 standard themselves. One effect of this is the introduction of processes to review the information security controls in their supply chain, sometimes using third-party services to support these checks.
The 2022 UK Cyber Security Breaches Survey states that 40% of UK businesses reported experiencing an attack or breach in the last 12 months, and highlights the increasing global risks and cost of cyber attacks.
We took the decision to get ahead of the game, and to go from being a company that had good working knowledge of information security to being one that had an Information Security Management System (ISMS) in place that meets the ISO standard.
The process, led by our excellent Infrastructure and Security team, involved the whole business upping its information security game. It included:
working through over 30 new or updated information security policy documents
a series of workshops led by the experienced security consultants at Softcat
Introduction of regular security training for our entire team, ensuring that they are always up-to-date on our own policies and processes as well as the latest information and security threats
embedding of good information security practices like phishing tests, antivirus (yes, even on a mac!) and learning to assess our projects and products for information security risks
Implementing ISO27001 is a huge team effort, and certainly not a task that can be delegated to one individual. Nor is it a one off exercise. Our support team have become internal auditors, ensuring that we all stick to the processes we have committed to until our next monitoring audit comes around next year.
We are delighted to have gone from being a company with good working knowledge of information security to being one that has an Information Security Management System (ISMS) in place that meets the ISO standard. And we look forward to passing on the benefit to our customers.