ISO/IEC 27001:2013 – known as ISO 27001 – is an internationally recognised set of standards for an organisation’s information security management system (ISMS). ISO 27001:2013 certification demonstrates that a company’s processes follow information security best practice.
Achieving ISO 27001:2013 certification demonstrates that Platform 365 has implemented an ISMS that will protect the sensitive information of your schools and suppliers, removing the stress of worrying about the safety of your systems.
Why is it so important that your IT provider holds ISO 27001 accreditation?
ISO 27001:2013 isn’t a standard that schools will need to demonstrate, but it should be important to you that your IT provider does. There are other well-recognised cybersecurity accreditations, including Cyber Essentials, backed by the UK Government. ISO 27001:2013 encompasses these requirements to an internationally agreed benchmark.
A Managed Service Provider (IT Support company) will have gone through two stages of rigorous audits before certification. Processes are fully documented and assessed, and members of the team are interviewed to confirm not just compliance but also understanding of the need for these practices and how they affect you, the client school. Annual audits validate that this level of high-quality ISMS is embedded in our organisation and is therefore a kitemark your school can rely on.
How does this benefit your school?
The international standards organization (ISO) describes the standards as “a formula that describes the best way of doing something.” (April 2021, ISO website). Given that schools need the best, particularly when it comes to the safety of their data, ISO provides the reassurance that your school is in good hands.
Regular auditing by ADL Consulting between recertifications ensures our compliance is fully embedded in our working practices. This means that when new team members join us, they are fully inducted in the importance of data protection, GDPR and information security. With well-documented processes to refer to, our schools can be sure of high standards from every member of our P365 for Education team.
A provider with ISO 27001:2013 will ensure that your data is secure yet accessible for those who need it. Should the worst happen, and your school becomes affected by an accidental or malicious security incident, the quality processes implicit in this ISO accreditation will mean that any potential impact is mitigated and therefore has a minimal effect on the day-to-day running of your school.
Your next steps
- When looking for an IT support provider, look for the ISO kitemark and certification number. Ask to see your provider’s certificate to ensure compliance and question their internal procedures to ensure staff are adhering to this standard.
- Utilise your provider’s expertise to improve your own internal security processes and procedures. Consider using the Cyber Essentials framework for an audit of your systems and processes.
- If your current provider is not certified, why not?
How can Platform 365 for Education support you?
With our ISO 27001:2013 certification to reassure you of our excellence in ISMS, Platform 365 for Education can offer an independent audit of your current IT security. We will share a report with you and create a plan to implement any necessary works or collaborate with your existing provider to make your school safe.
Contact our Schools’ Development Manager for a conversation about your school’s IT Security and e-safety.