By Rakhee Ojah-Maharaj, Chief of Staff
I wanted to begin by wishing everyone a very Happy New year. To kick off what promises to be a great and prosperous 2022 I am delighted to announce that eXate has successfully achieved our ISO 27001 certification!
According to ISO.org, ISO 27001 is “widely known as providing requirements for an information security management system (ISMS)”. It is intended to ensure organisations have the correct policies and procedures to manage and store data. For any company that stores data the ISO 27001 should be considered, and therefore eXate chose to obtain this certification.
As a team, eXate worked tirelessly towards achieving this milestone as it matches our missions and values as a company.
It is no secret that within an organisation there can be gaps in how information is stored and at eXate we wanted to prove that we ourselves do not possess such flaws in our data and information storage procedure. By using the Information Storage Management System (ISMS) ISO 27001 it has given us a framework of policies and procedures that helps control how we store and manage data.
It was important to eXate that we show our valued clients and stakeholders that we are serious about, and are committed to, managing the security of information that is entrusted to us. This certification has proved to them and ourselves that data can be trusted with us.
The ISO 27001 certification is not mandatory, however we felt that it was an essential step needed for our clients, stakeholders, and employees as there are multiple benefits from achieving this certification. One such benefit is that the ISO 27001 certification now provides us with a framework as a starting point, but we did not want to stop there. We know that we can add and adapt this framework to suit our company, clients, and stakeholders. We continue to improve our policies and procedures to ensure that we have the highest compliance for information security.
Our Experience It was a long road to ensure our strategies were to the standard they needed to be in order to achieve this certification. Though we had pre-existing strategies in place this achievement showed us where we can improve and adapt to demonstrate to all our stakeholders that we have taken the time, consideration, and necessary steps to comply with all ISO27001 standards.
When it came to the audit day, preparation was key. Naturally it was always going to be an anxious day, but we can now look back and know it was worth it. Knowing we would have two auditors sifting through our policies and procedures, leaving no stone unturned is not an easy few days of work but one thing to keep in mind is that the ISO 27001 is about continuing improvement of the policies and procedures of managing and storing data. It gives us the ability to continually improve and update our strategies, so as anxious as the day was, it is worth it. To eXates credit the auditor mentioned that we had done an exceptional job and we have no audit points or recommendations. Thank you to the team and, in particular, Rama Ramesh our Information Security and Risk Manager.
At the end of it we cannot think of managing the storage of our data better than ISMS ISO 27001. ISO 27001 has given us good practice, automation, and structure.