Office & HR Manager Rebecca Davies with our certificate.
CICM has recently succeeded with continued certification in the ISO27001 (UKAS) standard which governs our Information Security Management System (ISMS).
CCICM’s ISMS is an overarching management framework through which we identify, analyse, and address our potential information security risks. It ensures security arrangements are fine-tuned to keep pace with changes to threats, vulnerabilities, and business impacts. This an important aspect in such a dynamic field, and a key advantage of ISO27001’s flexible, risk-driven, approach.
External Auditor Summary
A BSI external auditor said in the executive summary of her accreditation report: “CCICM’s information security team not only maintain their ISMS to a good standard, but also continually improve on what they’ve achieved. At every assessment it is possible to see improvements to the system and corrective actions are closed.”
Specifically, the report highlights the following strengths:
- ISMS is well maintained – logs are kept up to date, risks, issues, and corrective actions are tracked to the point of closure.
- The newly-implemented Quality Management Online system made it easy to find documents and logs, and proves to be very effective.
- The process work for Legal Compliance, undertaken by the newly-appointed Data Protection Officer, shows a focus on business processes and ensures that Information Security is considered as part of day-to-day operations.
- Supplier and International Credit Exchange agent processes are robust and well-thought through, and appropriate consideration is given to mitigation of Information Security Risks through the Internal Audit Programme.
This ensures our many clients in both the UK and overseas can always depend on our ISMS to safeguard confidential data, and so protect their reputations.