At a glance:
- Company meets compliance criteria for ISO 27001
- Certification follows three months of evaluation and documentation of Columbus information security policies and procedures, required on top of Columbus’s stringent predefined policies
- Offers high level of compliance at a time when cyber threats and data protection are increasingly under the spotlight
Columbus, the global digital business services provider, today announced it has achieved ISO 27001 certification for information security and management, covering all Columbus employees and offices in the UK. ISO 27001 is an internationally recognised standard for securing information assets and stipulates requirements for putting in place an information security management system (ISMS). The certification assures Columbus customers of the very high levels of security controls at a time when GDPR is set to enforce tighter data protection standards with severe financial penalties for non-compliance, and against an increasing frequency of cyber threats.
The certification was achieved on 16 May 2018, following a three-day independent auditing process at Columbus offices in Nottingham, Cambridge and Warrington. Working closely with ISO standard specialists QMS, Columbus carried out a comprehensive analysis of business processes to identify, document and refine existing information security policies, and completed a full risk assessment of all 100 areas of information assets in addition to 180 Microsoft Dynamics environments containing customer and company data.
The ISO 27001 audit evaluates organisations based on their information security and management framework, and the systems in place to prevent and mitigate the risk of data theft, loss or damage. Following an intense period of work to complete a small number of policy enhancements, Columbus now boasts an ISMS that is highly compliant with ISO 27001. The scope of certification also encompasses all of Columbus UK’s consultancy services, including the Application Management and Infrastructure Management Services, which are designed to ease the security and maintenance burdens of companies’ IT operations. Columbus employees have undergone security awareness training and assessment to ensure the security and integrity of all customer and internal data, and will continue to be evaluated and monitored to confirm ongoing compliance.
Mary Hunter, Managing Director, Columbus UK
“This is an important step to assure Columbus customers and employees that we continue to take information security very seriously. ISO 27001 certification reinforces our commitment to upholding the highest standards of data management and protection. GDPR is also firmly on the horizon, so it is vital for us to demonstrate the strength of our information security processes to customers and cultivate a security-focused culture internally among our staff.”
“Using data to generate extra value for customers is at the heart of our business and solutions, and with the rise of cloud-based delivery services and increased digitisation of business processes, we are committed to delivering high levels of protection for these growing volumes of personal and sensitive end-user information.”
Kate Parry, ISMS Manager, Columbus UK
“Columbus has always focused our processes with customer security at the front of our minds. For the past three months the team has worked hard to ensure the correct policies and procedures are documented and adopted to safeguard against and respond to, if required, any data theft or loss.”
“There are 114 controls stipulated by ISO 27001, so to complete the entire certification process in just three months is a testament to the strength of long-standing data handling and security processes already established by Columbus. This certification is just the beginning – we will continue to regularly evaluate our information security processes and documentation, and monitor employee adherence.”