The Zinc Group Ltd has today announced that it has achieved its ISO 27001 Certification, ISO 27001, developed as a best practice standard by experts and target users, enables organisations to formalise and verify that risks are properly identified and managed. More importantly, it demonstrates to clients and stakeholders that their information is taken seriously.
In recent years the UK has seen a number of high profile data breaches which has seen the publics personal information being put at risk from misuse by fraudsters, Steve Bentley the Head of IT for the Zinc Group told us “as a company we have always made data security a top priority, our clients and customers data security is paramount in everything we do as a business, gaining ISO 27001 demonstrates to our clients just how seriously we take this, and outlines in very clear terms our commitment to ensuring that data placed in our care, is done so in the knowledge that it is safe and secure”.
Innovation and technology are two words we associate with very strongly at Zinc, said CEO Dougie McManaus, who went on to say “ as a company we have always put the needs of our customers and clients first, this has resulted in a number of innovations over the years which have gained us some notable accolades and awards, but when it comes to quality assurance the ISO Certification is as good as it gets, we had every faith in our systems and people when we set out to gain ISO 27001, but it still feels good to be told we meet and exceed the standards set out.
About ISO 27001
ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
According to its documentation, ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.”
ISO 27001 uses a topdown, risk-based approach and is technology-neutral. The specification defines a six-part planning process:
1. Define a security policy.
2. Define the scope of the ISMS.
3. Conduct a risk assessment.
4. Manage identified risks.
5. Select control objectives and controls to be implemented.
6. Prepare a statement of applicability.