Echidna is proud to announce that we are officially ISMS certified. Echidna recently received ISO 27001:2013 certification. Read on to find out exactly what that means, why it's important, and how it’s going to benefit our clients.
Companies are constantly trying to evolve their data security practices, but sometimes they can’t quite keep up with the criminals, hackers, or competitors trying to steal their (and their customers’) data.
You don’t have to look back very far to see what we’re getting at. Odds are, you remember the Target security debacle of 2015 pretty well. Not only did the data breach tarnish the company’s reputation and negatively affect the trust of its customers — the fiasco cost Target over $100 million in lawsuit settlements.¹
Target’s data breach was a big one, but even smaller data breaches can cost companies big-time — the average cost of a data breach to an organization is over $6 million.²
And sometimes, data breaches can’t even be blamed on seedy hackers: up to 80% of data breaches could simply be caused by negligent employees.³
ISMS stands for Information Security Management System, and according to Wikipedia, ISMS is "a set of policies concerned with information security management or IT related risks." If an organization has an ISMS in place, it means that they've set up highly structured and organized processes in order to minimize data security risks. Not all organizations do, though.
A very simple analogy can be illustrated by a bridge: If you're driving across a canyon, river, or generally a gap of any kind, you'd probably prefer that the bridge is structurally sound and built with the latest and greatest architectural and engineering techniques. Otherwise, you can't really be sure that you'll get across safely. A better bridge equals less risk.
“ISO” stands for International Organization for Standardization, which is a Switzerland-based international standards setting body. Since the 1940s, they've essentially been bringing different national standardization groups together in order to set clearly defined, globally applicable industrial and commercial standards. 27001 is simply the ISO's specification for an ISMS.
If you're interested in the nitty-gritty, read more about it here.
Now that we’re ISO 27001:2013 certified, that means Echidna has already been validated by strict industry security standards, and we’ll continue to be audited and tested to ensure that we maintain those standards. That means that our clients don’t need to worry about how their data is being handled on our end. It all comes down to assurance and trust, and we want our clients to know that we’re a reliable partner who takes data security seriously. That’s why we took the time to go through the lengthy process of ISO 27001:2013 certification, and that's why we're dedicated to continually improving our data management practices.