Tunstall Healthcare has been accredited to ISO 27001 for some time, but this has recently been extended to cover its Software as a Service platform, which is used for the hosted delivery of its PNC8.2 specialist monitoring centre software. Tunstall’s Digital Transformation Director Mark Stratford explains the additional reassurance this offers to Tunstall customers.
What is ISO 27001?
ISO 27001:2013 is a well-respected international information security standard that demonstrates Tunstall’s commitment to managing information safely and securely in a practical way.
Why do we need it?
The standard is designed to help us identify risks and put in place security measures that are right for our business. Security is a business problem, not an IT problem. Risk-based approaches are essential for any business in today’s digital world.
There are many ways to manage security, so a recognised standard like ISO 27001 puts in place formal requirements to ensure the right processes are followed and documented should a security breach occur.
What value does ISO 27001 certification bring to Tunstall and its customers?
Certification is fundamentally about providing trust and confidence; our customers can be sure they are working with a trusted, reliable organisation. In today’s world, our customers, business partners and other stakeholders want to be sure that Tunstall are not putting them or their businesses at risk by not having appropriate security measures in place when we are delivering life-critical services to the people they support.
Certification provides objective evidence that we have invested, and just as importantly will continue to invest, to maintain our levels of security and respond to continuously evolving security threats.
Can an organisation achieve the same standards without certification?
Many organisations do follow the same process to achieve their security objectives without ever certifying; however, certification is the formal proof that the standard has been integrated into business practice. Uniformity and reliability are essential, and understanding the standard in enough detail to appropriately apply it is necessary if you want to be successful.
How does Tunstall see the future of information security?
Anything that can be digitised is being digitised, and as more and more ‘things’ are being connected to the internet, the threat of a security breach is growing. As long as there is a dependence on technology to live, there will always be malicious and accidental negative activity. Security is a by-product of risk management. Security for us now means shifting the cyber risks in our favour – information security must become part of our everyday lives. Think of it as locking your front door – it should be second nature to us all.
Certification to ISO/IEC 27001 demonstrates to all of our customers that Tunstall has defined and put in place best-practice information security processes. ISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). An ISMS is a set of policies, procedures, processes and systems that manage information risks, such as cyber attacks, hacks, data leaks or theft. There are many benefits to an ISMS, including:
Secures our information in all its forms – An ISMS helps protect all forms of information, including digital, paper-based, intellectual property, company secrets, data on devices and in the Cloud, hard copies and personal information.
Increases resilience to cyber attacks – Implementing and maintaining an ISMS will significantly increase Tunstall’s resilience to cyber attacks.
Provides a centrally managed framework – An ISMS provides a framework for keeping all the information Tunstall holds safe and allows us to manage it all in one place.
Offers organisation-wide protection – It protects our entire organisation from technology-based risks and other, more common threats, such as poorly informed staff or ineffective procedures.
Helps respond to evolving security threats – Constantly adapting to changes both in the environment and inside the organisation, an ISMS reduces the threat to Tunstall of continually evolving risks.
Protects confidentiality, availability and integrity of data – An ISMS offers a set of policies, procedures, technical and physical controls to protect the confidentiality, availability and integrity of information.
Improves company culture – The Standard’s holistic approach covers the whole organisation, not just IT, and encompasses people, processes and technology. This enables Tunstall’s employees to readily understand risks and embrace security controls as part of their everyday working practices.
If you’d like to find out more about PNC8.2, ask your account manager or get more information from our website https://uk.tunstall.com/services/our-products/pnc8-2/