Many organizations are touting their ISO certification. But what does that mean? And what does that mean to you?
ISO-27001 is an international standard for managing information security. Specifically, it provides an Information Security Management System (ISMS) framework and requires organizations to implement policies, procedures, and other controls involving people and technology to protect information assets. The framework includes over 100 controls to identify, treat, and manage information security risks.
Becoming ISO-27001 certified is no small feat. Once you have made all the investments and improvements you think you need, you apply for certification. Certification includes a three-phase examination by external auditors as specified by the International Organization for Standardization (ISO). Research Results’ ISMS was audited and certified by the Certification Institute for Research Quality (CIRQ) in 2022. We will undergo a surveillance audit in 2023, another in 2024, and another full audit in 2025. Auditors dig deeply into a broad specification to collect evidence and confirm that you are doing what you say you are doing. The strategic plan at Research Results is to continue recertifying year over year with a continued focus on improvement.
These rigorous evaluations of our systems and processes take a significant investment of time and resources, which is why so few smaller companies choose to become certified. However, we chose to invest in becoming ISO certified to ensure we deliver our clients the highest quality data security. And even more, we are re-evaluated annually to ensure we maintain those high levels of security.
How ISO Certification Benefits You
The bottom line for our clients is that your data and intellectual property are well protected when you work with Research Results. We design and specify our information systems to a high standard and continually monitor and improve those systems. Any vendors and third-party platforms we use must also meet those high standards and ensure that with our detailed vendor assessment process. We leverage the latest technology to monitor emerging and ongoing threats and have detailed procedures defined to react to them before they become a problem. Our employees undergo regular periodic training to act as that critical human firewall, as well.
We are very proud of this visible commitment to data and information security for our clients. And because we document each project to maintain ISO-27001 certification, including all communications, should you need to refer back to it for any reason. Additionally, all communications are encrypted, and we uphold the strictest standards for PII and data privacy.
Now that you know, can you afford the risk of working with a vendor who is not ISO-27001 certified? Contact Research Results today to learn more!