What was the motive for Blacknight Solutions to achieve ISO 27001?
Blacknight have built their own data centre, and it was seen as a requirement to provide the assurance our customers expected. We were increasingly getting asked what management systems we had in place for our customers, especially customers with US headquarters. We also needed a framework to ensure we were constantly improving and managing security because of the ever-changing threats in the online world; thus ISO 27001 was ideal for our needs.
How did Certification Europe help during the certification process?
At the initial pre-certification audit, Certification Europe identified some aspects of our security we had overlooked and we were able to consider them in the context of our business. The lead assessor was keen to highlight the need for full management buy-in and the adoption of the principles of security as a management system rather than a checkbox exercise in order to get certified; this helped focus the company as a whole.
Before certification, what Information Security management systems were in place within Blacknight Solutions?
We were PCI DSS compliant, so a lot of the requirements were similar to ISO 27001 and, consequently, we had systems in place already with regard to security of data. ISO broadened that scope to every aspect of our business, not just the online store.
Where do Blacknight Solutions see the benefits of having ISO 27001?
Our customers have an expectation that we have a management system in place to assess risks associated with their data and mitigate them.