Information Security in a Digital Age
Last year we implemented a new CRM system, Talent Rover. It’s now been one year since we went live and it’s working fantastically well. We continually review our processes and make incremental improvements each and every week. One of the key drivers when we chose a new software solution was to make significant improvements to our data security. Recruitment organisations, by the very nature of what our work entails, collect a huge amount of personal data about candidates, and with so many cyber-security breaches being reported in the news, it only seems a matter of time before recruitment companies are targeted. One in four companies report a cyber breach each year. I wonder how many aren’t even aware that they have been breached? The implementation and ongoing review of our systems & processes has taken us on an interesting journey which has culminated in us achieving Cyber Essentials Plus accreditation, and I hope to announce soon our compliance with ISO27001.
As part of our ISO9001:2008 certification we regularly audit our internal processes in order to ensure they meet the needs of our customers. What became clear from this was that whilst we had safeguards in place to secure our data, there was an opportunity to do more. The external threats have become greater and the legislative landscape has evolved (GDPR for example). These reviews coincided with a number of our key clients asking us to demonstrate our commitment to safeguarding data, which has led us down the two paths of Cyber Essentials Plus and ISO27001.
Cyber Essentials is the UK government scheme aimed at promoting cyber security for businesses; it is mandatory for all suppliers to HM Government that process personal information to have this in place. The Cyber Essentials Plus scheme includes an external audit that independently tests organisations’ cyber resilience. You can learn more about Cyber Essentials here: https://www.cyberaware.gov.uk/cyberessentials/
Of course, Information Security is so much more than just a tech-orientated solution. When we started peeling back the layers and thinking about our entire information ecosystem, we felt there would be significant benefits to be gained from having an overarching management system to control potential risks and demonstrate to our customers that we take protecting their data very seriously. ISO27001 is the de facto international standard for Information Security and is invaluable for monitoring, reviewing, maintaining and improving a company’s information security.
I look forward to being able to announce our compliance with the standard shortly. We hope that by taking these steps, our clients and candidates will continue to have (perhaps even an improved!) confidence in using us.