Consultancy firms must be able to demonstrate that they are serious about keeping information entrusted to them by clients safe. To achieve this, PA wanted to develop a company-wide Security Management System (SMS) aligned with the international standard for information security, ISO27001.
We set up an implementation team to bring PA’s existing security policies and procedures into alignment with the standard. The new SMS, designed to be consistent across PA’s global operations, covers all policies, procedures and guidance associated with operating securely. It includes an information classification scheme to ensure that we process, store and share our own and client material with an understanding of the associated risks.
We obtained the initial ISO27001 certification for all of PA’s UK operations within ten months of starting the project. This was followed by certification in Abu Dhabi, Denmark, Dubai, Germany, India, Ireland, the Netherlands and Qatar. During 2014, the remaining offices around the world were included and all of PA’s operations globally are now certified to ISO27001.