WRS Gain ISO Accreditation 27001
The IT industry and its security are becoming more and more of a focal point in reassuring our customer portfolio and in ensuring we are excelling against their expectations in the ever-changing ePOS market.
After some serious expansion within WRS HQ in 2018, it was time to nourish what we had and review how we could make it better and more secure, to be as risk averse as possible. Our customers trust us with things that have been described as ‘their baby’ when it comes to their business. An ePOS service is very much what makes it all come together, allowing every area of the business to be analysed. Our systems have been proven to help with everything from data feeds and reporting to managing staff shifts and clocking in and out.
We began doing some research for the company to find out what is most recognised and what we should be looking to achieve to future-proof the business. Through some of our elite and larger customers we found the answer – ISO accreditation 27001.
We had numerous ‘hoops to jump through’, per se, when we contacted a third-party consultant to come in and talk us through what ISO was and how we could do it. The answer was a lot of work. Everything from changing passwords more frequently throughout the business, server updates, and staffing protection and data, to asset tracking the entire WRS estate, meaning everything that came in and out of the building for customers had to be tracked and have a reference: a mammoth task, bearing in mind we had our own stock room.
Looking back, we could not have completed it without the help of a consultant to audit and organise us. Everything from what we should be cross-referencing with what, to the advice on how to lock information down with no paper trail – it felt a little FBI, but we got to work.
We were given a time period of approximately six months to complete action points to ensure we were in good stead to receive the certificate. We prepped by delegating the tasks in hand appropriately to a trusted senior team of six people, e.g. the HR manager taking care of the staff data and contracts, and got to work.
The old cliché of ‘communication is key’ was very apt in this case: we met regularly to review what we had done and how that cross-referenced with another area. This was to ensure that when we were making these changes, they were not having any knock-on effect on other protocols we had in place.
We began seeing all the improvements come together and got to grips with the new procedures, ensuring everything was prepped for our consultant’s visit to hopefully receive that certificate and be accredited.
On the consultant’s visit we chatted through all areas of the action plan and what we had been left to implement and adjust to meet the obligations of the ISO guidelines. The meeting went very well: everything that was checked over and reviewed met what had been asked of us as a company. By the end of the day we were able to be signed off as ISO 27001 accredited and received our certificate. The consultant then gives you a review date, approximately twelve months on, to come back and audit us to ensure that not only have we implemented all these procedures, but they are being followed accurately within all areas of the business. With these procedures in place, and needing to ensure the whole business and the staff follow them too, we began planning the next stage – communicating it out to the staff.
WRS has thirty-five employees and is growing all the time, meaning meetings/workshops on what this meant and how the staff had to complete tasks moving forward had to be planned and discussed appropriately to allow any uncertainty or questions to be answered.
The importance of these always being followed had to be the key objective, and if they are not, how to report such discrepancies and what we do to risk assess for next time. As a company it was decided to invest in someone with the skills and expertise to come into the business, communicate this across the board and explain the fundamentals. We found an Employee Risk Management Information Security representative based locally on the Isle of Wight and asked for a meeting to discuss what we were looking for and whether he could be of help. This turned out to be very beneficial. The representative was able to offer his suggestions on how to do this and give us practical examples of how to explain it on the staff’s level, emphasising why we do the procedure and what it means to the business.
As we speak, this is something that we are still scheduling in, and it will be spread over a couple of days to allow all staff to participate and not have it rushed, highlighting the importance.
Becoming ISO 27001 accredited was a mammoth task for WRS in the climate of expanding, moving premises and taking on the biggest ePOS roll-out in ten years in the middle of it. However, the results have outweighed the workload without a doubt. We have been educated as a business to get the understanding of security we strived for, and to be where we want to be in the era of IT.
It has exceeded all expectations and keeps all staff from becoming too complacent in the ever-changing cyber security and GDPR field, which puts us in good stead to reassure customers, old and new, that we are a company that they can trust with their data and, overall, their business.