At Webreality we attach the greatest importance to preserving the security of the information we control or process. It is a strategic imperative for us.
This means that we commit significant resource to ensuring the confidentiality, integrity and appropriate availability of information belonging to our clients and to our business.
An ISO 27001 certified digital agency
We have always taken information security seriously, but in 2022 we determined that the time had come to seek a formal recognition of our approach and credentials. This involved undertaking the process of preparation for eventual certification to the ISO 27001 standard, which is the global benchmark for information security management.
The process involved elevating our existing policies and procedures into a properly constituted Information Security Management System, and preparing the business to be formally audited by an accredited ISO 27001 assessor.
After nine months of focused effort, we were assessed by BSI Group in March 2023 with a positive recommendation for certification, and our certificate was issued to us in June 2023.
ISO 27001 is more typically held by very large businesses with greater resources than Webreality, so this was a substantial strategic investment for us, and a very significant achievement for our team. It can be taken as evidence of our seriousness about operating to the highest standards of information security management.
ISO 27001 in practice
Implementing ISO 27001 involves:
- The identification and assessment of information security-related risks, using a documented risk-assessment process
- The maintenance of an information security risk register, showing risk ratings and mitigations adopted to manage each risk
- The development and implementation of a comprehensive Information Security Management System (ISMS) derived from the content of the risk register
- Quarterly reviews and updates of all of the above
- The appointment of a Chief Information Security Officer and an Information Security Manager to oversee the effective implementation of the policies, procedures and controls defined in the ISMS
- Keeping detailed records of any identified information security incidents and feeding resultant lessons learned back into the business to reduce any risk of recurrence
- An ongoing internal communication programme to ensure employees are aware of aspects of the ISMS relevant to their roles, and risk-specific training where appropriate
- Submitting to periodic external audits by an accredited assessor to ensure continued compliance with the standard.
Webreality's clients can be assured of our ongoing commitment to maintaining the highest standards of information security management, such that their digital assets and commercial interests are in competent and diligent hands.
Contacts
Dave Barton - Chief Information Security Officer
Giles Olley - Information Security Manager
If you have any questions about our ISO 27001 certification, or about our information security policies generally, please contact Dave Barton.