The global standard for information and data security
Does Your Market Research/Data Analytics Company Have an Adequate Information Security Program?
If the answer is NO — you need one, now.
If the answer is YES — how do you communicate that fact quickly & easily to clients?
Securing certification through CIRQ, a subsidiary of the Insights Association, demonstrates your organization’s commitment to the most up-to-date data protection and information security practices and technologies, maintained through ongoing compliance and annual external audits. It signals your commitment to excellence and can give your company a keen edge in the competitive research landscape.
What Is ISO 27001?
ISO/IEC 27001 provides a framework for companies to manage their data security. It establishes requirements for information security controls that manage people, processes and technology and protect valuable company data. Certification to this standard demonstrates to existing clients and potential new clients that your company takes information security seriously.
If your company is like most in our industry, you are being bombarded with lengthy data security/data protection questionnaires from current and potential clients. Certification to the ISO 27001 standard often answers these requirements by itself.
The New York Stock Exchange came to the same conclusion as noted in its recently published Guide to Cybersecurity: “ISO 27001… is a comprehensive standard and a good choice for any size of organization because it is globally-accepted and is the one most commonly mapped against other standards.”
What’s great about the process of becoming certified to ISO 27001 is that it focuses your company on addressing information security in a comprehensive manner. Securing the data that insights and analytics companies collect, store and transmit is not solely a technology issue. Effective data security requires a plan that includes educating your people and formulating processes to avoid mishandling or unauthorized access.
Certification to ISO 27001 is an amazing catalyst for culture change, in a global sense. It’s important to note that ISO 27001 addresses 11 articles of GDPR and is an excellent step for an organization as it seeks to comply with the regulation. Further, it provides a framework to meet various other regulatory requirements including:
Federal – HIPAA, GLB, SOX
State – MA, CA Privacy laws
Industry – PCI DSS
Contractual – Your Clients
While data breaches continue to make headlines – a rare occurrence among ISO 27001 certification holders – the systems implemented as part of ISO 27001 preparedness will markedly lessen the severity of any breach. And, at the state level, an increasing number of states are encouraging certification, as it is evidence of an organization’s commitment to information security and continual improvement.
Is your company bombarded with lengthy data security/data protection questionnaires from current and potential clients? Are you uncertain how to answer these inquiries completely and correctly? Failure to respond to such requests or doing so insufficiently or inaccurately can lead to lost business and/or risk exposure for your company.
ISO 27001 implementation and certification provides your company with a strategic information security framework that can help you win business and educate your staff on key measures for protecting your valuable data.
The steps to certification to this ISO standard are not overly complicated, and CIRQ services can accommodate virtually any timeline, with the understanding that external client demands or contractual obligations often drive the decision to certify. Let us help you take your organization to that next, market-differentiating level by contacting CIRQ today.