ISO27001 Information Security Management Compliance and Certification
Summary
The following list summarises the content within this article. Click on the links below to take you to the relevant sections:
- What is ISO/IEC 27001?
- Why is ISO27001 important?
- How does Certification work?
- What does the ISO27001 accreditation mean for SupportAbility subscribers?
- Can our organisation get proof of SupportAbility's ISO27001 Certification?
- Additional security questionnaires
- Additional security measures providers can implement
What is ISO/IEC 27001?
ISO/IEC 27001 (usually called ISO27001) is an international standard that outlines a framework for managing sensitive information to maintain its confidentiality, integrity, and availability.
This standard provides a systematic approach to implementing security controls that protect information assets.
ISO27001 certified organisations can demonstrate:
- Accountability - comprehensive policies and procedures to keep data safe
- Best Practice - regular external audits to ensure the software is compliant and secure
- Continual Improvement - continuous evaluation and refinement to stay ahead of risks and threats
Why is ISO27001 important?
Information and cyber-security have never been more critical in today's digital landscape.
In 2022, a series of high-profile attacks hit Australian companies, including the Optus cyberattack, which exposed the data of 2.1 million Australians, and the Medibank crisis, which resulted in the theft of confidential medical records of 3.9 million Australians.
It’s more important than ever before that organisations take the necessary steps to protect sensitive and private information from potential breaches and cyberattacks.
How does Certification work?
ISO27001 certification is a serious commitment that takes a significant amount of time, resources and money.
Over this 18-month process, every team member at SupportAbility was involved in some way and was committed to working towards this important certification. The process involved revising our entire suite of operational policies and procedures to put information security at the centre of everything we do.
To become certified, SupportAbility’s compliance was validated by an independent auditor (BSI) who extensively reviewed our Information Security Management System (ISMS), demonstrating our ongoing and systematic approach to information security.
What does ISO27001 accreditation mean for SupportAbility subscribers?
In short, keep doing what you’re doing with confidence that you are protected. This certification is additional proof of our commitment to information security. It plays an important role in assuring our customers that SupportAbility takes all necessary steps to keep their data safe, secure, and accessible.
Our company-wide approach to data protection ensures the highest standard of security for our customers, and we are honoured to lead the NDIS Client Management space in information security compliance.
Can our organisation get proof of SupportAbility's ISO27001 Certification?
Absolutely. Authorised Representatives from subscribing providers can contact our Customer Success team at support@supportability.com.au to request a copy of our certification.
Additional security questionnaires
In light of the recent Australian security breaches mentioned above, we appreciate that many providers will be looking to improve their own information security and potentially seek accreditations such as, or similar to, ISO27001.
In the great majority of cases, accessing a copy of SupportAbility's ISO27001 certification should provide suitable evidence that our information security practices, processes and Information Security Management System are being managed, maintained, improved and independently validated against the highest international standards.
If additional information is required, SupportAbility will charge for the time required to respond at our standard support rate of $250 per hour, exclusive of GST.
The expected timeframe for each response is approximately two weeks. If required, a quote and estimated response time can be provided for each query before it is actioned.
Additional security measures providers can implement
This certification complements the security tools SupportAbility already makes available to providers to improve their security posture.
We recommend that all providers consider enabling key security features such as Multi-Factor Authentication and Password Strength Management strategies to improve their operational security.
Please see the articles linked below for further information regarding these features.