4.7.17

All Secure at twentysix

Culture change is often the hardest part of running an agency, and security is often the hardest part of running a business or website. At twentysix we’re taking both in our stride.

Having introduced ISO27001:2013 in 2015 and being initially accredited in 2016, we’ve lived with and thrived under the security standard over the last 12 months, achieving continued ISO27001 accreditation in June 2017.

Since the initial accreditation, we’ve also achieved Cyber Essentials Plus accreditation and migrated our Data Protection Act (DPA) commitments to the new General Data Protection Regulation (GDPR) standard well before the May 2018 deadline. Security truly is the word of the moment at twentysix!

CEO Gail Dudleston says:

“At twentysix, we are all very proud to have achieved continued accreditation against ISO 27001 in June 2017. The standard is now well and truly embedded in our business and will help enormously with the security requirements of our existing clients, new business, and also the Government Frameworks that we are currently on.”

Security risk can be difficult to quantify in any organisation, especially digital marketing companies, and ISO27001 and Cyber Essentials Plus accreditations ensure that we’re managing our risk in a structured and appropriate way. This is coupled with our rollout of, and adherence to, GDPR requirements for data collection and processing. Taken together, these mean clients can be confident that when working with twentysix, their information is always safe and secure.

Auditing made easy

Clients have requirements they expect their agency partners and suppliers to follow, and they also like to audit the agencies that they work with. An agency that doesn’t properly prepare will usually end up going through significant turmoil, time, and cost to meet these requirements. Business can easily be lost if agencies fail to meet the standards required.

Managing risk

Many companies have suffered major security incidents in recent years, sometimes very publicly, and they often don’t react in the most appropriate or constructive way. Avoiding incidents naturally helps to maintain confidence with clients and other organisations. Operating ISO27001 includes managing incidents and being aware of the risks to an organisation, which in many cases prevents incidents from occurring in the first place.

Improving our processes

Not only do inconsistently applied processes cause security risks and potential breaches, they are often inefficient and costly to maintain. Putting in place standard and appropriate processes means that activities are repeatable, manageable, and cost effective within the organisation.

Competitive Advantage or Catch Up

Naturally we aim to win business over our competitors, and ISO27001 gives us that competitive advantage. More and more, this is becoming a key factor for clients in deciding who wins business. Early adopters within the digital marketing sector now have a clear advantage over other agencies that don’t have security accreditation, who are now left trying to catch up!

Implement continuous improvement

Built into the ISO27001 management system is a continuous improvement cycle (Plan, Do, Check, Act). Following this cycle allows us to continuously improve our security practices.

Understand the key assets of the business

One of the core requirements of ISO27001 is to ensure that we manage key assets in a way that is appropriate to the business. Many companies, especially in our sector, are not even aware of what their key assets are, let alone how best to protect them. ISO27001 provides us with a framework for managing them. ISO27002 contains a control framework, and a baseline can be set for our assets, ensuring that a minimum level of control is in place. This applies to processes as well as assets and allows activities to be repeatable and maintainable.

Sleep more, worry less

At twentysix, information is held that’s of critical importance to us, our team, and our clients. ISO27001 has allowed us to put a framework in place for managing this information. This means we can all worry less and sleep safer in the knowledge that we have the necessary protection required.

Matt Pallatt, twentysix’s CTO and qualified ISO27001 auditor, comments:

“Clients want to know that they are working with the most dynamic organisations in the industry, and evermore this is extending beyond creative and technical disciplines and into cyber security – protection of data and security is fast becoming a fundamental requirement when sourcing suppliers and we’re proud to continue being ISO27001 accredited.”
