What does an ISO 27001 information security audit look like?

Ensuring that our systems and processes are fully secure for all of our staff, prospects and customers is a non-negotiable.

Trust is one of the most important qualities in any relationship, so we work hard every day to ensure that we do the right things in our company.

Company data is important in any sector, not least one dealing with financial data like ours.

Listed below are a few reasons why security should always be paramount in business.

Information security breaches can cause companies:

  • Financial loss
  • Reputational damage
  • Operational downtime
  • Monetary penalties costing millions of pounds

What is ISO 27001?

ISO 27001 is the highest internationally recognised standard for information security management systems (ISMS), published by the International Organization for Standardization (ISO) in partnership with the International Electrotechnical Commission (IEC).

ISO 27001 is designed to protect the confidentiality, integrity, and availability of information.

Having an ISMS is more than implementing some security measures. It is an ongoing system of continual review and improvement that ensures the highest possible standards.

At Civica, protecting the data that we hold is at the forefront of what we do, and this accreditation therefore gives us and our clients evidence of, and confidence in, the systems that we have in place to do that.

What does an audit involve?

An ISO 27001 information security audit involves a full analysis of a selection of operating processes and documentation against the requirements of the ISO 27001:2013 standard.

This is conducted by an external body and is in addition to the regular internal audits carried out throughout the year, which cover the following control areas:

  • Information security policies
  • Organisation of information security
  • Human resources security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operational security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

Combined, these ensure that the processes and systems we have in place are robust and allow for the necessary continual improvement.

Nantwich office audit 2022

On Friday 5th August 2022, our ISO 27001 annual external audit was carried out by Certified Quality Systems Ltd (CQS).

Our auditor proceeded to meticulously inspect all of our paperwork, quiz employees with numerous security questions, take samples of our documents and review our pen test report.

No stone was left unturned as you’d expect with any high-level security audit.

We’re pleased to announce that, for the third year in a row, we have been awarded a Grade 1 Pass with zero non-conformances.

This is the highest level attainable.

Following last year’s successful audit, this award is further proof that we take security seriously 24/7, 365 days a year.

At the end of the day, as he was leaving, the auditor tried to depart with a door keycard for our electronic access system.

As always, Sarah was on high alert and politely requested its return.

We’re still not sure if this was accidental or a deliberate act to further test our security processes.