Our Security-first Ethos & ISO Compliance
We’ve done it. We’re delighted to announce that our path to ISO 27001 certification is complete! Security has always been at the heart of everything we do at ICONICS UK, from ensuring our team are physically safe and well, to delivering mission-critical automation systems to the highest security standards possible. Over the last few years, we’ve continued to take our business systems, IT infrastructure, cyber security, and all-round organisational processes to new levels. We’ll explain the ins and outs of ISO 27001 in a moment, but in simple terms, we have proven that we implement market-leading best practice when it comes to protecting our customers’, clients’ and suppliers’ sensitive information. We’re excited by the extra confidence this will bring our clients, as well as the shift in culture we’ve experienced when it comes to improved communication transparency, accountability, and IT security. These standards are not limited to just IT, though; they affect all our people across every level of the business – so this is good news for all of us.
Andre Scherpenzeel, UK CTO says:
“As a cloud software company this is not just about us, this is about applying Security-by-design principles into everything we do as a company. We’re excited by the resilience and business continuity this standard brings us and our clients, and we look forward to refining and further improving our security standards in years to come.”
What is ISO 27001?
ISO 27001, formally ISO/IEC 27001, provides a structured, risk-based approach to information security: specifically, it specifies the requirements for an Information Security Management System (ISMS) that aims to bring security under explicit management control. As we said, it is therefore primarily focused on protecting the information you hold as a business, and so covers everything from Information Security Policies, to Physical Access Control, to Supplier Relationship Management.
How Did We Achieve Compliance?
We were grateful to be supported by our independent advisor, Richard Allcock, whose expertise was paramount when putting together our Statement of Applicability (SoA) and documentation. But in the end, it was our IT team, Technical Director, and enthusiastic staff whose hard work ultimately paid off. For those who are new to the Information Security world, a foundational piece of ISO 27001 compliance is continual improvement and the ability to audit yourself in the future (see Clause 9.2, Internal audit). For that reason, we needed the entire team’s ‘buy-in’ in order to revise, share and implement a new vision and standard set of security processes.
Key to us achieving zero non-conformities, especially as a software company, was having a ‘minimised surface area’, that is, adopting a fully cloud-based approach to our data and systems. Being the through-and-through Microsoft Azure partner that we are, the adoption of various technologies from Microsoft over the years has allowed us to pass with relative ease. Some of the ways Microsoft technology has helped us comply are:
Azure Active Directory for Conditional Access (CA) and Multi-factor Authentication (MFA)
Dynamics 365 for tracking and managing security issues
Office 365 for the management of our business data
Microsoft Intune for device, application and workstation management
Defender Advanced Threat Protection for antivirus and vulnerability monitoring
Another string to our bow
For us, becoming ISO 27001 certified is not just another accolade on the wall; it’s a sign that our drive to push our IT security standards forward has been independently recognised. As for our customers, suppliers and partners, this is another standard (in addition to our ISO 9001, ISO 50001 and UVDB Cat C certifications) that can cement confidence in our business technology, managed services, support and all-round customer service.