Safeguarding sensitive data and information is more important than ever, especially in today’s digital world. At McConnell Jones, we recognize this importance and have implemented rigorous measures to demonstrate our commitment to better protecting the availability, integrity, and confidentiality of our clients’ information. This includes earning and maintaining our ISO/IEC 27001 and ISO/IEC 27701 certifications, which require several rounds of audits conducted by a third-party accredited certification body. In this blog, we’ll explore the steps we took to earn our certifications and maintain compliance.

The Certification Process

Stage 1: Gap Analysis and Documentation Review

This audit is conducted by our third-party accredited certification body, A-LIGN. At this stage, A-LIGN conducts a preliminary assessment of our existing Information Security Management System (ISMS) and Privacy Information Management System (PIMS) to identify any gaps between our current practices and the ISO standards. Any deficiencies found during the assessment are then used to outline the remediation steps required to align with the ISO standards before moving on to the next round of audits.

Stage 2: Certification Audit

This audit is also conducted by A-LIGN. It consists of further documentation review, employee interviews, and process observations to determine the effectiveness of our ISMS implementation and whether we conform to the ISO standard being audited. Successful completion results in the issuance of a 3-year certification.

Surveillance Audits

To maintain certification, our certification body will conduct annual surveillance audits. These audits not only ensure ongoing compliance, but also continuous improvement of our controls.

Recertification Audit

At the end of the 3 years, our certification body will perform the Stage 1 and Stage 2 audits to redetermine eligibility for recertification.

Our Strategic Commitment to Data Security

ISO certifications aren’t a one-time achievement, but rather an ongoing commitment. Given the constantly evolving nature of cybersecurity threats, it is essential to go beyond the minimum standards set by regulations and laws. Adherence to ISO standards allows us at McConnell Jones to effectively safeguard our clients’ information in today’s digital era.

For more information on McConnell Jones’ data security measures, visit https://mcconnelljones.com/company-and-people/data-security/.