If you read our December newsletter (and if you’re not already a subscriber, you can sign up via our website), you’ll know that Prizeology has recently received certification for ISO 27001. We jumped around the office when it came through, because it’s a rigorous process, and we’ve worked hard to achieve it.
ISO 27001 is an international standard and it’s all about information security. Gaining certification means that we have the policies, procedures and systems in place to handle information – in other words computer data – securely.
ISO stands for ‘International Organisation for Standardisation’, which, as you might expect, is an international body that concerns itself with specifying standards for products, services and systems, ensuring that they are of high quality, safe and efficient. Well over 150 national standards bodies are members of the ISO – in the UK that’s the BSI or British Standards Institution – and ISO standards are instrumental in facilitating international trade.
So, assuming you’ve been loyal enough to stay with me up to this point, what does that mean for you, dear reader? I wouldn’t want to mislead you so I can’t say that Prizeology will never be the subject of a cyberattack – being hacked is a very real threat for all businesses and can obviously be very damaging to your bank balance and your reputation – but what I can say is that by achieving ISO 27001 we have minimised the risks and confirmed that we can respond effectively.
From business contacts to the details of the thousands of people who enter the prize promotions and competitions which we run, Prizeology handles a lot of data. The ISO 27001 certification means we’re handling that data properly, taking the right precautions to ensure it’s secure, and complying with international regulations such as GDPR and NIS, which obliges businesses to improve cybersecurity.
If you’re a client, you know that our security practices are robust, so you can be confident about working with Prizeology – our data management is built on good practice, which protects us and protects you, too. And because ISO 27701 is a global benchmark, that’s particularly relevant for the clients for whom we run global promotions.
Finally – and I suspect you’ve probably had enough of ISO 27001 by now so I’ll wrap this up swiftly – it’s not a one-off certification, because we’ll be carrying out regular reviews and internal information security management audits, plus an external auditor will check up on us from time to time, to make sure everything is working well and we’re still achieving the standard.
OK, you can go now – you’ve been very patient – but I will be testing you on this later…
Sarah Burns is Prizeology’s founder and Chief Prizeologist.