Monday mornings are always tough, but at 8 a.m. on Monday, Sept. 12, we had to be wide awake, fully caffeinated, and 100% on top of our game. It was ISO 27K audit day.

ISO 27001 is a well-respected international standard for how to establish, implement, maintain, and improve an information security management system. In other words, it is a collection of the best of the best practices – the gold standard – of how to keep sensitive information safe.


Here are a couple of interesting facts about the ISO 27K certification:

  • It is not mandatory. Instead, it is an extra level of security and scrutiny that companies can pursue. It is the sprinkles on top of the icing on top of the cyber-security cake.
  • The Olinger Group is one of only a handful of ISO 27K certified market research companies (through CIRQ) in the U.S.
  • It is how we prove that we can keep our clients’ PII and PHI safe.
  • The intense annual audits are performed by not one, but two disinterested third parties.
  • They are a bear. (The audits, not the third parties.)

Actually, the audit itself wasn’t too bad. It was all the work we did in the 12 months preceding the audit that was tough.

The standard includes more than 110 controls, or requirements, that touch every part of the business. We’re talking everything from IT safeguards and building security to anything that even remotely touches or affects our personnel and clients. And we have to show evidence – sometimes multiple forms of evidence – for every one of those controls.

In case you were wondering (although I can’t imagine why you would, given that we wrote a blog about it), we passed our audit and have now received all related official documentation.

In fact, The Olinger Group has passed every annual audit with flying colors since our first ISO 27K certification in 2017.

We have fully integrated the controls into our daily business practices and client interactions. At this point, ISO is SOP and DNA for TOG. (Please don’t shoot me. I started writing this sentence and couldn’t stop.)

Now that we have passed our 2022 audit and we have had a chance to sleep and recover, it is time to start all over again:

  • Streamline our processes
  • Strengthen the redundancies we need and ditch the ones we don’t
  • Schedule, attend, and track training
  • Collect the evidence
  • Shout our certification from the rooftop so current and future clients know that we rock and their data is safe with us

Speaking of which, check out these shoutouts:

Information security is critical, and we feel the responsibility to protect our clients’ data. Getting and keeping our ISO 27K certification is a huge investment of time and money, but it is absolutely worth it.

- Jude Olinger, TOG Founder and CEO

……………………………..

We set out to incorporate ISO 27K into our business so that it is more than just checking a box. Having the processes in place for ISO 27K protects us and our clients. Bottom line, we worry about it, so our clients don’t have to.

- Chanttel Allen, TOG Managing Director

……………………………..

The Olinger Group takes information security seriously and has validated this fact over and over again with its exacting approach to ISO 27001.

- Darrin Maggy, Practice Manager, CISSP, at Security 7 (aka disinterested third party who rocks as hard as we do).
