ISO 27001:2013


Introduction

The perception that cloud-based solutions are inherently less secure than their installed equivalents is not correct. However, how secure customer data is differs greatly between a provider who follows best practice (or better than best practice) and has recognised systems in place to identify, monitor and improve software security, and a provider that does not.

As a cloud-based Web to Print solutions provider, RedTie has always been at the forefront of making sure our customers' data is dealt with using industry best practice, and in 2012 we were certified with ISO 27001. This was the 2005 standard at the time, but we have since been recertified to the latest 2013 standard.

Red Tie Ltd was certified by UKAS-accredited BSi Assurance Ltd.


About ISO 27001

ISO 27001 (full name ISO/IEC 27001:2013 - Information technology - Security techniques - Information security management systems) is an internationally recognised standard that has data security at its core.

The standard covers all types of organisations (not just software companies) and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organisation's overall business risks.

What that means is that we have policies covering all data and processes at RedTie, not just data on our servers. It is not just IT Security, it is Information Security (be that digital or printed), and it also includes disaster recovery plans for all sorts of scenarios, which are tested annually.

We monitor that we are following those processes, and we have an obligation to keep improving them as new information or best practice becomes available.


Plan Do Check Act Process

As stated above, it is a continual improvement standard, and RedTie has implemented the Plan Do Check Act process of improvement (the Standard does allow other process models).

[Diagram: Plan Do Check Act, ISO 27001]

As you can see from the above diagram, our improvement process continually encompasses both current and new policies.


Why is ISO 27001 so important to you?

Aside from demonstrating to you how seriously we take Information Security, it can have real business benefits for your company.

Many larger organisations will insist that your software suppliers have an Information Security Management System in place and will often ask to see it. Our ISO 27001 certification takes that problem away, especially as blue chip organisations understand what it is and what it means.

You will be able to answer "Our Web to Print software supplier is ISO 27001 certified". They may ask you for our certification number, and that should be the end of their concerns on the matter.

We have seen a growing demand in this area, and it seems to be filtering down to medium-sized organisations. It is one of the benefits of partnering with RedTie that is not important until a customer of yours asks for it, and then it is vital.

RedTie is still among the minority of Web to Print suppliers that have this certification.