This is becoming an increasingly important subject within market research, as in other areas, not least due to the rise of cloud computing. If you use Dropbox, for example, and you undertake research on behalf of government or large organisations, the subject of information security is likely to be relevant to you.
As an online business, particularly one which provides software that stores confidential data, we take a keen interest. But we have become increasingly aware of the need to be able to formally demonstrate this, and to show that we meet the standards required by clients.
Over the last few months we have been investigating the option of gaining ISO27001 certification. Early on we discovered that it is designed for very much larger companies than ours, and that it would be prohibitively time-consuming and expensive to undertake. Luckily, one very kind information security consultant whom we contacted pointed us in the direction of Cyber Essentials and IASME.
Cyber Essentials is a government-backed standard, which follows the same broad principles as ISO27001. However, it is designed specifically for small and medium-sized companies, and as a result the process of gaining certification is much more straightforward. So rather than costing thousands of pounds and taking several months, as would be the case with ISO27001, it can cost a few hundred pounds and be completed in weeks. What’s more, there is plenty of help online.
There are several organisations that you can gain certification through. We chose IASME, mainly because there was so much information on their website, and they were so helpful in answering our various queries.
So, what was involved in gaining certification? Well, it was mainly around areas such as keeping software up to date, network security, passwords and malware protection. There was also a section on vulnerability scanning, for example, but it turned out that we could undertake this ourselves with an online tool, so it was not as difficult as it first sounded.
For further details about information security certification through Cyber Essentials, please feel free to contact me.