Imagine the occasion – you are about to sign a contract that will leapfrog your organisation forward well past your targets for the year and you are sitting there with self-congratulations buzzing through your head when suddenly your soon-(hopefully)-to-be-client asks: “for goodness’ sake don’t let this IP get out – it has taken us years to develop and it cost a fortune! I hope your data security systems are secure?”
How do you respond?
“Yes!” (Good start, but hardly convincing on its own).
“We always make sure we lock the door when we close up at the end of the day” (Hmm, you might just have lost the contract)
“I leave that to our office junior – he’s the technical whizz” (Nope!)
“Oh, we have never had a problem yet” (Nope!)
“We had a look at the dangers and concluded that we were ok” (getting better but still far too vague to be reassuring)
“We have that covered – you might have noticed we have been certified under ISO 27001 – the Data Security Standard that is recognised globally and has been specifically identified by the ICO as a useful tool to use to organise an organisation’s data security in this modern world. In fact, the ICO has decided to get ISO 27001 itself.” (Now doesn’t that sound much more convincing?)
Now you can work out what to do with the bonus you are going to get!
Why go to such lengths (getting ISO 27001) when it is not actually a requirement?
Well, considering the potential complexities, the impact on your reputation, the effect on your clients whose data you hold and your own moral and ethical responsibilities for their data – wouldn’t you rather have a tried and tested system, designed by experts, than one you have cobbled together from what you understand is/should be/well, probably is the case?
A global community of experts has refined the ISO 27001 systems over decades – so now you can adopt what they have done rather than reinventing the wheel. And as they are still at it, the evolution of the system is carried out for you – you simply have to follow their lead. That leaves you time to focus on your day job (and daydreaming about your bonus!).