Certificate of ISO 27001

Gather Achieves ISO27001 Certification

Gather Achieves ISO 27001 Certification

Delve into the rigorous processes, unwavering commitment, and meticulous standards that propelled Gather to the forefront of data security excellence. 
In today's digitally-driven landscape, safeguarding sensitive information is paramount for businesses of all sizes. Achieving ISO 27001 certification stands as a testament to an organisation's commitment to robust information security management systems (ISMS). It's not merely a badge of honour but a strategic decision that instils trust among stakeholders, enhances operational resilience, and fortifies against evolving cyber threats. As we delve into the journey towards ISO 27001 certification, we uncover the transformative steps Gather undertook to fortify their data defences and navigate the intricate terrain of modern cyber security standards.

What is ISO 27001?

ISO 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), within the context of the organisation.

It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.

   Why ISO 27001?

ISO 27001 ensures that cyber security is implemented and maintained so that both our data and our client's data are kept confidential.

It does so with the ISMS - a framework that allows for constant review and resultant improvement but is flexible to the business needs by providing:

  • Improved data security
  • Mitigation of breaches by addressing risk
  • Continuous improvement with PDCA
  • Credibility
Spider diagram of benefits of ISO 27001

How to achieve ISO 27001?

It’s a five-step process to become certified and an integral part of an ISO certified management system is that there must be continuous improvement.

  1. Gap analysis
  2.  Manual of Operation
  3. Staff Training
  4. Internal audit
  5. External audit

 When you finish painting the Forth Bridge you start again at the beginning!

Diagram of the 5 step process to be ISO 27001 certified

We started out by documenting our best practices and daily operating procedures, describing what and how we do things.

For example, we need to explain that we make a cup of tea because we're thirsty and because we like it…

Our policies and procedures need to support the standard stipulated by ISO 27001. There was a need for us to subtly tweak the way we work to do so. However, the standard is not meant to be restrictive. It is a flexible framework that ultimately should fit our business.

With a management system defined, awareness training around the system took place, which effectively emphasised why we are taking the sanctity of our own and our customer's data seriously.

At this point, we needed to be happy that our system and its controls work as we expected by doing some internal audits, following the next step, which is the scary bit, where we’re audited by an external auditor!

All’s well that starts well, and whilst ISO is iterative and the continuous improvement process of  'plan do check act', now just keeps rolling. The really exciting bit is we have received a lush certificate for the wall!


Enjoyed these tips?

Click Here

If you found this blog helpful, we have lots of other useful downloads with tips on using technology to improve your business. Browse our white papers, guides and free policy templates below.

View Resources