Circle working towards ISO 27001

Circle is actively engaged with a leading information risk management consultancy on the process of ISO 27001 accreditation.

Why ISO 27001?

We provide consultancy, implementation and management of digital information systems and services and are committed to the protection of information owned by us or processed by us. 

We deal with sites and databases that handle a wide range of sensitive and confidential data, so security, confidentiality and data protection have always been at the heart of our thinking. We already maintain strong security procedures around access to our servers and data, but ISO 27001 requires us to formalise, fully document and regularly review these procedures, with processes in place to monitor them constantly and improve them continually.
 
By implementing measures to robustly protect information using ISO 27001 methodologies, we are able to defend ourselves not only from technology-based risks but also from other, more common threats, such as poorly informed staff or inadequate procedures.
 

What is ISO 27001?

ISO 27001 is an international, certifiable standard that encompasses three essential aspects of a comprehensive information security regime:

  • people
  • processes
  • technology

What have we been doing?

As part of the accreditation process we identified and documented potential problems that could happen (risk assessment), and then applied appropriate safeguards to try to stop these incidents (risk treatment).

We have designed and implemented an Information Security Management System (ISMS): a set of policies and procedures for systematically managing Circle's sensitive data. The goal of our ISMS is to minimise risk and ensure business continuity by proactively limiting the impact of a security breach.

Among other things, we ensure that systems are secure by design, that strong passwords are in use by all our users and that all network traffic takes place over SSL. We only use UK hosting with extremely high physical data-centre security, and some of our servers are PCI scanned to ensure compliance with e-commerce standards.

We are currently going through the first round of audits at the end of 2017, leading to accreditation in Q1 to Q2 of 2018.

You can find out more information on how we are going to use our ISO 27001 accreditation to help your organisation with GDPR here.