Circle is actively engaged with a leading information risk management consultancy on the process of ISO 27001 accreditation.
Why ISO 27001?
We provide consultancy, implementation and management of digital information systems and services and are committed to the protection of information owned by us or processed by us.
What is ISO 27001?
An international, certifiable standard that encompasses three essential aspects of a comprehensive information security regime:
What have we been doing?
As part of the accreditation process we identified and documented potential problems (risk assessment), and then applied appropriate safeguards to try to stop these incidents (risk treatment).
We have designed and implemented an Information Security Management System (ISMS) - a set of policies and procedures for systematically managing Circle's sensitive data. The goal of our ISMS is to minimise risk and ensure business continuity by pro-actively limiting the impact of a security breach.
We ensure, amongst other things, that systems are secure by design, that strong passwords are in use by all our users and that all network traffic takes place over SSL. We only use UK hosting with extremely high physical data-centre security, and some of our servers are PCI scanned to ensure compliance with e-commerce standards.
We are currently going through the first round of audits at the end of 2017, leading to accreditation in Q1 to Q2 of 2018.
You can find out more information on how we are going to use our ISO 27001 accreditation to help your organisation with GDPR here.