Redweb gains ISO 27001

Digital communications agency Redweb is one of the first of its kind to qualify for the new international Information Security Management Standard ISO 27001.

The standard, which was finalised only in oct 2005 to replace BS7799-2, helps an organisation establish and maintain an effective information management system to govern security of information and network systems.

Redweb’s IT manager Jeremy Blight said: “The need for the standard came from the need to show we are security conscious as well as focused on quality. Although we are already security-cleared by the Government, there is a need to be seen to handle information in a secure manner as possible.

“A documented system highlights that efficiency; potential clients who require these type of standards in place will view this favourably and it’s a big tick in the box for public sector work. It sets us apart from others.”

Benefits of certification include organisational assurance, trading partner assurance, competitive advantage, reduction or elimination of trade barriers and reduced regulation costs.

Redweb’s certification governs aspects as diverse as network password controls, buildings contingency, access to premises, removable media and the use of mobile phones in public places.

Jeremy said: “It’s a risk assessment of the whole business and putting controls in place to make sure all staff are aware of how things are done, plus continual assessment to ensure we are working to those controls.

“It covers how we safeguard information and information systems held within Redweb, confidentiality, the back-up of information to how staff deal with information.

“From Redweb’s perspective as a smaller company, we have probably found it slightly easier than most - we have less people to educate - and as a forward-thinking company there isn’t a “we’ve always done it this way” attitude. We didn’t start from scratch, there were lots of things we were already doing.”

Information Security