In 2021, Propylon earned its ISO/IEC 27001:2013 certification. Founded in 1946, ISO (International Organization for Standardization) is an internationally recognized, independent organization that brings together global experts to develop and publish standards. ISO/IEC 27001, published jointly by ISO and the IEC, specifies the requirements for establishing, operating and continually improving an information security management system (ISMS) through which organizations manage the security of their information assets.
Why ISO 27001?
Propylon was founded on a mission to innovate and improve the lifecycle process of laws and regulations. Our vision of positive disruption guides us not only in evolving and expanding by delivering solutions that meet our clients’ needs in the here and now, but also in anticipating their future needs.
The increase in cyberattacks globally has been well-publicized. Figures from Accenture reflect a triple-digit increase (125 percent) in incident volume in the first half of 2021. Meanwhile, the average cost of a data breach to an organization has continued to increase year on year.
Another factor is that many businesses are now storing their data in the cloud. According to Deloitte research, the top driver for cloud migration is security and data protection, followed by data modernization. At Propylon, our software solutions can be deployed in a cloud environment. While a number of our clients opt for on-premises deployment, we have also seen increased demand for hosted solutions.
Additionally, our technology handles some of the world’s most important content. We do not take this lightly. Undergoing the rigorous process of ISO 27001 certification allows us to systematically test our current processes and drive our continuous information security improvement efforts.
Our journey to certification
Central to achieving certification was formalizing our existing information security policies into an ISMS. As we already had robust processes in place, this journey was largely one of codification and consolidation.
At Propylon, our ISMS working group spearheads the management of our framework.
There were five key stages to our approach:
- Define our ISMS scope
- Compile an inventory of our assets
- Identify risks associated with those assets
- Implement policies to mitigate these risks
- Prepare our Statement of Applicability against the controls in Annex A of the standard
During the lifecycle of this project, we carried out a thorough examination of our current ways of working. Risks were identified, scored and ranked on our risk register. As well as putting risk treatment plans into effect, we also implemented several new initiatives, such as moving our entire team to Windows.
Following the implementation of our ISMS, we also put into effect a schedule of internal audits to continually review the effectiveness of our policies and procedures. The Statement of Applicability lists all the controls included as part of our ISMS, and the justification for any that are excluded. Finally, the effectiveness of our ISMS is monitored and measured by a set of KPIs which are updated monthly. These and other opportunities for continually improving our ISMS are the main focus of the regular ISMS Management Team meetings.
What does ISO/IEC 27001 mean for our future?
The external ISO audits confirm that we are properly documenting and implementing processes that adhere to the highest standards in protecting Propylon’s information assets and those of its clients. It ensures that we are striving for security measures that safeguard the critical work our clients do in publishing laws and regulations and in understanding changes to them.
Achieving the certification is not just a checkbox, but rather a framework for ongoing development. Each time a new employee joins our team, each time a new project begins, we have robust processes in place that manage change in the best way possible.
Further, maintaining our ISO 27001 certification ensures that we’re staying on top of best practices. Our ISMS group continues to meet monthly to review changes in the business and assess what can be done better.
Our mission to innovate
As we progress, we at Propylon will continue to hold ourselves accountable to the highest standards. To that end, we also achieved our Cyber Essentials Plus certification in 2021. Our clients can expect the same focus on quality while having peace of mind that, as new cyber threats emerge, we are looking to the future with best-in-class security processes in place.