Scottish Braille Press becomes ISO 27001 accredited

Posted: 25/05/2015 |

Scottish Braille Press Manager John Donaldson describes the importance of ISO 27001 accreditation, and its benefits to Scottish Braille Press customers.

The Scottish Braille Press has become ISO27001 accredited.

This is an important milestone for our organisation. 

ISO27001 is an internationally recognised best practice framework for an information security management system.

It helps to identify the risks to our important information and put in place the appropriate controls to help reduce the risk.

Scottish Braille Press becomes ISO 27001 accreditedWhat is ISO 27001?

Generally speaking, most businesses have some form of controls in place to manage information security.

These controls are necessary as information is one of the most valuable assets that a business owns. However, the effectiveness of such a policy is determined by how well these controls are organised and monitored.

Many organisations introduce security controls haphazardly.

Some are introduced to provide specific solutions for specific problems, whilst others are often introduced simply as a matter of convention. Such a random security policy will only address certain aspects of IT or data security, and can leave valuable non-IT information assets like paperwork and proprietary knowledge less protected and vulnerable.

The ISO27001 standard was introduced to address these issues.

ISO27001 formally specifies a management system that is intended to bring information security under explicit management control.

Organisations that claim to have adopted ISO27001 can therefore be formally audited and certified compliant with the standard. ISO27001 requires that management:

  • Systematically examines the organisation’s information security risks, taking account of the threats, vulnerabilities, and impacts.
  • Designs and implements a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.
  • Adopts an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs on an on-going basis.


Business Benefits

The business benefits from ISO 27001 certification are considerable.

Not only do the standards help ensure that a business’ security risks are managed cost-effectively, but the adherence to the recognised standards sends a valuable and important message to customers and business partners, namely that our organisation does things the correct way.

ISO 27001 is invaluable for monitoring, reviewing, maintaining and improving a company’s information security management system and will unquestionably give partner organisations and customers greater confidence in the way they interact with your business.

Some of the key benefits are that:

  • ISO 27001 is the de facto international standard for Information Security Management
  • It demonstrates a clear commitment to Information Security Management to third parties and stakeholders
  • It can provide a framework to ensure the fulfilment of commercial, contractual and legal responsibilities
  • It provides a significant competitive advantage, and can effectively be a license to trade with companies in certain regulated sectors
  • It can provide compliance with, or certification against, a recognised external standard which can often be used by the organisation to demonstrate due diligence.

Credit goes to everyone who played their part, in particular the ICT Manager and his team, in successfully achieving this important accreditation at our first attempt.