What is the ISO 27001 accreditation?
It’s the word on the tip of everyone’s tongue and at the forefront of everyone’s minds. We’re reminded daily of its value, and often overwhelmed by the individual precautions we should be taking to ensure our private information remains, well, private.
Event agencies, due to the nature of the work we do, don’t only have the responsibility of protecting their own data; but equally, their clients’ data.
Just think about it.
There’s no surprise that financiers, data processors, and banks would take extra precautions to do everything in their power to protect the sensitive data of their clients. However event agencies also work with the personal data of their clients, their employees and customers every single day - from passports and email addresses, to company figures and sales targets.
Any good events company should take every step possible to ensure the protection and security of their clients’ data – which is where the ISO 27001 accreditation comes in.
So, what exactly is ISO 27001?
ISO 27001 Information Security Management is UKAS accredited and is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
The accreditation demonstrates our information security compliance, and due to GDPR having no recognised accreditation, also confirms an organisation is compliant with GDPR.
Our employee relations manager, Catherine Wallace, discusses how difficult it is for a company to achieve the accreditation, but why first event feels it’s not just a luxury, but a necessity within the industry:
“The ISO 27001 accreditation demonstrates the high level of our information security compliance, keeping the data we own and manage, along with our staff and premises secure. It’s essentially a model for continual improvement, consistently being enhanced and reviewed to prepare us for the future and ensure that we remain committed to the protection of all data we manage.”
For good reason, the ISO 27001 accreditation requires continuous commitment and to adhere to ongoing internal audits, along with annual external audits, rigorous practices need to be in place.
“No matter how busy you get or how much ‘easier’ another way of working may seem, maintaining robust work practices is paramount to both ensure compliance and protect data and security. Additionally, the ever-improving management system strengthens our data security and forms part of a risk management and business continuity programme – showing that we have plans in place to manage and respond to risks, whilst still delivering our service offering.”
Due to the nature and sensitivity of data and the way it’s handled, simply implementing the accreditation as part of a business is simply not enough. Buy-in from employees is essential to ensure that each and every individual is invested and committed to the way we work.
“Training, training, training! It’s all well and good to let employees know about the accreditation, but they need to be trained in order to put it into practice. Putting best practices into place such as new starter communications, compliance and adherence, as well as specific training at the beginning of employment can ensure that employees keep up with and continue to learn as the accreditation standard is internally audited on an ongoing basis.”
As previously highlighted, the sensitivity of the data that event agencies own and manage means that being GDPR-compliant is no longer enough. Taking any extra steps possible to protect clients’ data is what transforms a good event agency into a great event agency.
“Event management agencies hold tonnes of data of a certain level, so it’s really important that agencies are managing this properly.”
The takeaway for clients
No matter how much you try to avoid it, the potential for risk is always there, and nobody can claim to be 110% untouchable. However, ensuring that the event agency you’re working with is taking every step necessary to reduce the potential for risk can give you the peace of mind that your data is being handled in the correct way, by people who care about protecting it.
Feel secure in the way that your data is handled during the event planning process and let us help you to deliver an event that meets your business goals, whilst keeping your most valuable assets safe. Contact us today!