Thirteen Group has gained ISO27001 accreditation for its information management and data security processes and activities.
ISO27001 is the international standard for information security and risk. It assesses the systems and processes that organisations have in place to manage and improve how information and data are kept secure.
Hassan Bahrani, head of IT, Thirteen Group, said, “Applying for ISO27001 was a really rigorous process that involved people from across Thirteen. We store a wide variety of data, which includes very sensitive information about customers and other people we work with. So it’s essential that we have robust systems and processes to keep that data safe.”
To assess its progress, Thirteen asked assessors from SGS-UK to audit its processes and systems. The assessors met with staff from teams across Thirteen’s operations to understand how the housing provider manages its information.
The ISO/IEC 27001 auditor from SGS said, “I was very impressed with Thirteen’s systems, in particular its automation, how its systems are used and good practice within its project management governance. There was great use of automated workflows and the overall information security system was of a high standard, so ISO/IEC 27001 certification is recommended.”
Hassan said, “It’s vital we have this accreditation because it confirms that we have the right systems and policies to protect the data we manage. This will help us retain some important contracts and gives us the opportunity to bid for new work in the future.”
In addition to the management of its information, the SGS assessors also looked at security measures for Thirteen’s buildings and facilities, HR processes, communications and purchasing practices.