Two years ago, Propylon® achieved its ISO/IEC 27001:2013 certification. To date, we have passed all interim surveillance audits, most recently last month, reaffirming our commitment to best-in-class security practices. We have extended our Information Security Management System (ISMS) to ensure that areas of risk reduction are identified and implemented across the business to the highest possible standard.
The robust processes already in place prior to certification made our initial ISO audit largely a matter of consolidation.
Embedded in how we do business
Cybersecurity at the forefront
Propylon’s ISMS is the mechanism by which we react to the evolving information security risks associated with our business. Achieving accreditation is not a tick-box exercise but rather a long-term commitment to safeguarding our clients’ data from threats. Indeed, today’s cyber threats are becoming increasingly sophisticated and as the number of possible attacks and vulnerabilities develops, our specialists are tuned into the ever-changing landscape.
To that end, we have established a cybersecurity group to focus our efforts. The group meets bi-weekly to define areas for further improvement, conduct research into best practices and incorporate them into our IT strategy.
Carving out this dedicated space helps drive a strong security culture. One item identified was our Microsoft Secure Score which is “a representation of your organization’s security posture, and your opportunity to improve it.” While the average score is typically 45 percent, we have improved our score to 76 percent.
We have continued to evolve our system and ensure that we are constantly improving it as the needs of our domain progress.
What’s next?
Our ISMS and security practices have been rigorously tested and satisfy requirements with an accredited auditor. Adhering to the highest standards ensures that your information assets are protected and handled with best-in-class security practices. Meanwhile, we have an eye to the future to ensure that our processes are evolving to meet the evolving risk landscape.
