ISO 27001 Roadshow – Athlone Roundup

Athlone Roundup

The banks of the River Shannon provided the ideal backdrop for the third leg of the ISO 27001 Roadshow as we stopped off in Athlone, Co. Westmeath, to another full house for our seminar on GDPR and ISO 27001. Once again, we were joined by Brian Honan from BH Consulting and our very own Michael Brophy, CEO of Certification Europe, with special guest speaker Thomas Cox from Intuity.

The purpose of the seminars is to shine a light on what GDPR is and how businesses will need to adapt, and to show what organisations like Intuity are doing to get ready for the May 25th deadline.

Dirty Four Letter Word

Brian Honan started the seminar by discussing the dirty four-letter word in information security right now: GDPR. Brian discussed the severity of the fines and how they will be enforced by the Data Protection Commissioner. Fines for an organisation that breaches GDPR will be 20 million euro or 4% of annual turnover.

Brian highlighted that this is not a software fix. You cannot buy off-the-shelf software to protect data and say you’re ready for GDPR. This is a challenge from management down, as the human factor needs to be addressed, and that is where ISO 27001 comes in. The most common breach organisations experience is not a hack but human error, and ISO 27001 puts measures in place to protect data from errors made by staff and to help protect data assets from external threats.

Intuity Journey to ISO 27001

This provided the ideal platform for our next speaker, Thomas Cox, HR Manager for Intuity and a key member in their journey to ISO 27001 Certification, who has also been taking the management system and improving on it throughout the company to improve efficiencies. Intuity first achieved ISO Certification in 2011 and have gone from strength to strength by integrating the ISO standard across more of the organisation in recent years.

Thomas explained how ISO 27001 provides the platform to tackle the beast that is GDPR and highlighted that they will be prepared because many of the controls and policies in ISO 27001 are also in the GDPR legislation.

Thomas echoed many of the points Brian made about this being a people issue, not a software one. Thomas revealed that Intuity has set up an ISO Committee that rotates within the organisation to ensure staff are involved. To ensure all members of staff are trained up and aware of all policies and threats around data protection, they have incorporated that into their performance reviews. This is an excellent example of a company buying into ISO 27001 and making it a part of the office culture instead of making it a separate task that needs to be ticked off.

Scope is everything

Our final speaker was Michael Brophy, CEO of Certification Europe. Michael focused on how ISO 27001 is perceived and how it should be viewed by organisations when it comes to securing data. He addressed the misconception that the scope of certification should cover everything within an organisation. Michael highlighted organisations such as Vodafone, which we also certify to ISO 27001, but whose scope does not cover every aspect of the business.

Michael emphasised that the scope should be only what is important to you. This means reviewing your data assets, determining where the weaknesses are and placing them within the scope. If needed, prioritise the assets that will be in the initial scope and then expand once Certification has been achieved. This is where continuous improvement comes in, and it is now becoming one of the biggest long-term benefits to organisations that implement ISO 27001. The management system is designed to adapt to the business objectives, and as they change, ISO 27001 changes along with them.

The seminar concluded with a lively Q&A session followed by in-depth One to One consultation sessions with attendees who wanted to know more about implementing measures to prepare for ISO 27001 and what is involved in Certification.

If you missed our ISO 27001 Roadshow and wish to learn more about ISO 27001 and GDPR, feel free to contact our team for a FREE One to One Session via phone or Skype.

 

Emma Orford