Following HireRight EMEA’s attainment of the ISO 27001:2013 Certification for data security, we’ve spoken to Jason Bryant to find out more about what it is and why it is such a big deal.
Hi Jason. Tell us a little bit about your role at HireRight and what an Information Security Manager is responsible for?
As the Information Security Manager for EMEA/APAC, I am responsible for the execution of information security-led directives for the region that fit in with the global strategy, as well as the Risk and Compliance team that answers all client due diligence questionnaires, and the Cyber Security team in the region monitoring alerts, actions, phishing emails, and collecting information externally on new threats. However, all of this can only be achieved if you have a good strong global team that integrates and communicates.
Why is data security so important for businesses?
Data security should be at the very heart of every business, both small and large. In the now ‘digital age’, data security is the means of protecting your digital data from destructive forces and unwanted actions such as cyber-attacks, data breaches and unexpected deletion from all users, both authorised and unauthorised.
Data security should be implemented with ‘privacy by default and by design’ as per best practice, as it safeguards not just personal information, but intellectual property, commercial interests, and all company activities. It also should include physical security, network security, security of all computer systems and files, and the ever-increasing usage of ‘the cloud’ if applicable.
Who is the ISO and what is ISO 27001:2013?
The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organisations. It promotes worldwide proprietary, industrial and commercial standards.
ISO 27001 is the globally recognised standard for managing risks to the security of information you hold. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS).
What does ISO 27001:2013 Certification mean for HireRight EMEA and why is it a big deal?
Becoming certified to ISO 27001:2013 provides independent assurance that HireRight EMEA’s data security has been tested and audited in accordance with internationally accepted standards for good information security practice. Because it has an all-encompassing approach, our ISMS aligned and verified to ISO 27001:2013 has helped us to protect all of our corporate information and intellectual property, not just its personal data.
What does ISO 27001:2013 Certification mean for HireRight’s EMEA clients?
HireRight EMEA’s ISO 27011:2013 Certification will give its clients further assurances that their data is being handled correctly, safely, and securely.
How does ISO 27001:2013 fit in with the GDPR?
An effective information security management system (ISMS) that is audited and certified to the ISO 27001:2013 will meet requirements laid out within Article 32 of the GDPR, which talks about the security of processing data. The GDPR states that organisations must adopt appropriate policies, procedures and processes to protect the personal data they hold. HireRight EMEA’s ISO 27001:2013 Certification also provides firm evidence that HireRight has taken the necessary measures to comply with the data security requirements of the GDPR.
Finally, what quick tips would you offer businesses to help them with data security?
At the very least, align to a robust Information Security Management System and have a good policy framework in place. Stakeholder buy-in is essential, as it shows that the business from the top down recognises the value of data security at all levels. Finally, ensure that the policy framework is available and communicated at all levels – via training, tools like SuccessFactors, and internal awareness campaigns.
Read more about how data security links in to the GDPR in our latest GDPR blog post – Steps To GDPR Compliance: Security and Technical Measures
Find out more about why our clients choose HireRight – Why HireRight