At advo, managing Payroll, Employee Benefits and HR for our clients means handling a vast and varied range of data. Originating from an insurance background, and as an FCA-approved broker, advo are well accustomed to ensuring strict compliance with regulations relating to data and treating customers fairly. We smoothly adapted our working practices and systems in line with the 2018 GDPR law changes; however, we wanted to further demonstrate our dedication and expertise in handling sensitive data for clients. In 2019 advo embarked on the journey of becoming ISO 27001 accredited. This is an internationally recognised accreditation and is the world’s best-known standard for information security management systems (ISMS) and their requirements.
After successfully achieving this accreditation in 2020, advo recently went through re-certification, which is done regularly to ensure organisations are still meeting the ISO 27001 standards.
advo’s Operation Director, Gill Mateo
“We are very pleased to announce that advo has gained re-certification for ISO 27001 Information Security Management System. This is an international standard recognised all over the world, proving to our customers that we know how to look after and protect their valuable data. The re-certification included a vigorous five-day audit where we were asked questions about our processes and had to provide evidence that those processes are embedded into our culture. We are also really pleased to confirm that the auditor found no major or minor non-conformities with our policies and only a couple of very minor opportunities for improvement. Moving forward, we are planning to transition to the new ISO 27001 standard, which has been updated from the original 2013 version, and will be audited again in November.
“Kevin and I would also like to thank advo’s Compliance Officer, Cricket Brookfield, for all of her hard work keeping us on track and making sure that everything was in place and ready for the audit. The amount of data, logs and policies we have to keep updated is huge and it is no mean feat to keep everything in order.”
This accreditation is very important to advo. We take the management of our clients’ data seriously and understand the trust our clients give us in processing their sensitive data. The importance of and need for the ISO 27001 accreditation is summarised perfectly by this extract from a recent Forbes article.
“Organisations collect, store and process vast amounts of data today. Employee information, supplier information, customer information, intellectual property, financial records, communication records—all common types of data that ordinarily exist in almost every business.
When organisations fail to secure or protect this data, it exposes them to a host of business risks like breaches, financial losses, reputational damage or even potential fines and prosecution.
To overcome this challenge, the International Standard Organization (ISO) created a comprehensive set of guidelines called the ISO/IEC 27001:2013 (a.k.a. ISO 27001). These standards help global businesses establish, organise, implement, monitor and maintain their information security management systems.
Unlike standards such as GDPR or HIPAA that primarily focus on one type of data (customer information or personal health privacy), the ISO 27001 encompasses all kinds of business data that is stored electronically, in hard copies (physical copies like paper and post) or even with third-party suppliers.
The ISO 27001 certification is applicable to businesses of all sizes and ensures that organisations are identifying and managing risks effectively, consistently and measurably.”
If you would like to find out more about how advo keep our clients’ data safe, why not drop us a line on firstname.lastname@example.org or 01622 769210? We are here to help!