Business News
St Ives Steps Up Security With ISO 27001:2005 Accreditation
Monday 09. February 2009 - St Ives Direct Leeds, part of the direct marketing and commercial print division of St Ives plc, has been awarded ISO 27001:2005 accreditation. Regularly handling highly sensitive data as part of its clients print requirements, the accreditation officially recognises the sites ability to run an extremely secure operation, and is expected to aid new business opportunities.
The ISO 27001:2005 is an Information Security Management System (ISMS) standard, covering 133 security control objectives.
“Having passed pre-audit security tests as a prerequisite to begin working with customers that required us to handle sensitive data, we have always been confident in our existing security policies,” comments Darren Lowe, Operations Director, St Ives Direct. “However, hearing the media publicise several security breaches at other UK companies, we decided that we should implement the ISO 27001:2005 accreditation to officially acknowledge that the Leeds facility is successfully managing a secure operation. Now that we have been awarded this accreditation, it gives our customers further assurance that their data is safe, and provides us with the opportunity to learn of any additional improvements we can make to our internal security best practice.”
The campaign for St Ives Direct Leeds to become ISO 27001:2005 certified began in June 2008. Since then, the sites business processes have been carefully analysed to ensure they are in accordance with the ISO 27001:2005 standards criteria. The St Ives Leeds site passed a three-stage audit process, involving a preliminary review of the key security documentation and an in-depth audit of the effectiveness of the information security controls. The final stage was a follow-up reassessment audit to confirm the organisations continued compliance with the ISMS standard.
Darren concludes, “We anticipate that achieving this accreditation will be a huge selling point for the Direct division, further raising prospective clients confidence in our ability to handle sensitive data. However, for the Leeds team, the implementation of this ISMS standard was driven by the companys desire to ensure that we are operating the best possible solution for our business, and that of our customers.”