ISO Implementation – How to get started

Author:
Emily Martins
Cybersecurity Consultant

Organisations increasingly have to be able to demonstrate to suppliers, end-customers and regulators that they can be trusted for information security and privacy management. Channel Islands-based businesses are no exception and, like many businesses, you may have identified that having ISO27001 demonstrates that your organisation has identified risks and put in place preventative measures to protect your network and data from cybersecurity breaches.

What is ISO27001?

ISO/IEC 27001:2013, more commonly referred to as simply ISO27001 or ISO27k, is the international standard for information security. Together with the accompanying guidance of ISO/IEC 27002:2013 it is designed for organisations of all sizes to establish, implement, maintain, and continually improve an Information Security Management System (ISMS) suitable to secure their Information Assets.

Why ISO27001?

Peace of mind

Your customers expect you to keep their data secure, but what about yours? Implementation of ISO27001 means that every piece of important data you hold is considered, and therefore secured.

Reduce Information Security Risk

The Confidentiality, Integrity and Availability of Information and Information processing facilities are key in ISO27001. Implementation and monitoring of controls can help reduce downtime to your customers whilst maintaining accuracy and confidentiality of the data.

Satisfy your stakeholders

Understanding the requirements of your interested parties is a crucial component within ISO27001, meaning that your controls are tailored to the stakeholders that you need to satisfy the most, be this your customers, your CEO or even regulatory bodies.

 

How do I get ISO27001?

Firstly, get Top Management ‘buy in’

While it might seem obvious, in order to implement an effective ISMS there needs to be direction from the top down. This is important for a number of reasons, including:

  • Resource and Support – ensuring that your ISMS has sufficient staff, controls and budget to run effectively.
  • Change management – knowing what changes are happening within your business, allowing for changes within the ISMS to be considered and ensuring that there are no unexpected surprises.
  • Accountability – Top Management is ultimately accountable for the ISMS, and any ISO27001 Auditor will need to know that they are on board.

Determine the Scope of your ISO27001 accreditation

A smaller scope isn’t always easier. Leaving some parts of your organisation out of the scope means they have to be treated as an “outside world”. That means you have to limit their access to the information within the scope, potentially creating more problems when it comes to implementation.

Additionally, if you become certified, a Change To Approval (CTA) will be needed for each scope expansion, meaning more money and more time. This is why it is crucial to seek professional advice for undertaking your ISO27001 accreditation – to be able to fully evaluate your business requirements.

Perform risk assessments, implement controls and audit your ISMS

Once you’ve defined your scope you will then need to ensure that your business has considered the risks to your information, applied the appropriate controls and validated that these are working effectively and in line with the requirements of the standard through internal audit. Once you are confident that your ISMS is working you can then consider your next steps towards certification.

 

Compliance vs Certification?

Determine exactly what your business is aiming for: compliance or certification.

Compliance can be defined as the point where an assessment, usually an internal audit, proves that the processes and controls determined by the ISMS are working satisfactorily, whereas certification requires an independent audit from an external body – this is where companies like JT come in.

When looking to certify, selecting the right auditor is crucial. We advise that you select an auditor who is accredited by UKAS, the UK's recognised accreditation body.

What’s next? Planning your business case for an information security management system

JT can help to take your organisation on its ISO27001 journey. Our experts are on hand with years of experience in the implementation and auditing of ISO27001 Information Security Management Systems.

We’ll be able to walk you through setting your objectives and selecting your appropriate controls (Risk Assessment, legal, statutory and regulatory requirements, etc.), through to implementing your ISMS.

And we’ll work with you to action any risk treatment items identified, embed your policies and procedures, perform audits and continually improve your security.

In addition to improving how regulators, customers and suppliers view your business’s security, ISO27001 certifications will benefit your internal systems, processes and day-to-day operating procedures.

Don’t delay – get in touch with our team today to discuss your journey to ISO27001 certification.



JT works with new elite sports academy to develop the skills of the island’s youth

JT is proud to be working with Strive to help talented young people excel at sport and reach their full potential, as well as assisting to put Jersey on the map as a location for elite sports.

Strive is a pioneering centre designed to provide the best knowledge and expertise to train athletes and sports people and to encourage greater participation in sport and wellbeing within our community. Its core belief is that a healthier lifestyle should be available to everyone and Strive is committed to providing opportunities for young people by teaming up with local secondary schools to develop the skills of students through its dedicated Academy programme.

As sponsors of the Academy’s Education Room, JT has provided the digital equipment required to support the Academy’s health and fitness education programme. It will teach young people how sport ties in with leading healthier lifestyles and give them the knowledge and ability so that they can inspire their families and friends to lead healthier lifestyles as well.

An additional aim of Strive is to support local athletes and teams with a desire to improve, giving them access to the services that are essential for those dedicated to pursuing excellence in their sporting endeavours.

Strive will use JT’s Managed Wi-Fi service throughout the premises, providing world-class, reliable, secure and hyper fast Wi-Fi for members, local athletes and visiting professionals, such as the British & Irish Lions rugby team during their upcoming training camp in advance of their tour of South Africa.

Daragh McDermott, Managing Director, JT (Channel Islands), said: “We recognise the importance of working alongside such a pioneering project to elevate the profile of the Island and more importantly support the learning of Jersey school children. This venture will enable an equal platform of opportunity for children to grow and flourish, presenting athletic opportunities that, without this facility, may not be achievable. The centre will offer a diverse range of sports activities, thereby securing continued participation in sports and its important link to a healthy lifestyle. Designed to support a healthier life, Strive is a state-of-the-art facility that combines the services normally found in a health club with the expert coaching and advice associated with elite sport, enabled by state-of-the-art facilities and underpinned by JT’s world-class fibre network.”

Ben Harvey, Managing Director, Strive, said: “We are partnering with all Jersey’s secondary schools and are really excited to be nurturing the aspirations of our young people to live more active and healthier lives. We are working towards empowering young people with purpose, self-esteem and leadership and we are grateful for the support and expertise that our partnership with JT is securing for this centre. We see it as our mission to provide fitness and health education to all young people in Jersey.”

For more information about Strive visit www.strive.je



JT’s SD-WAN Solution

Technology that makes change possible

SD-WAN has long been considered the saviour of network management and the answer to solving three critical challenges faced by businesses everywhere - reducing costs, increasing efficiency and tightening security.

So what exactly is SD-WAN?

Is it something you need and, more importantly, just how will it benefit your business? Put simply, it’s a one-stop solution used to control the connectivity, management and services between your main sites, data centres and remote locations. It’s a better way to build and manage your WAN.

Do I need it?

With the recent seismic shifts in day-to-day working, business requirements in the connectivity space have needed to evolve at a rapid pace. Never before has it been more important to ensure that your business is adaptable enough to function, no matter what the circumstances or location, while also ensuring your network is fully reliable and completely secure.

That's where JT's SD-WAN, a fully-managed network overlay solution, comes in. We can play an essential role in simplifying your network operations while optimising its performance. JT’s SD-WAN gives businesses access to an efficient, economical solution that's reliable, secure, and highly scalable – peace of mind in a changing world.

Software-Defined Wide Area Network: Why make the move to SD-WAN?

Here are just 5 key benefits of JT's SD-WAN:

1. Rapid Deployment / Low Capital Investment

As the service is configured and hosted on our infrastructure, deploying SD-WAN over your network is much faster than traditional private networking solutions and most other SD-WAN services. It also means that you get the full suite of features that would only typically be available to businesses that host and configure their own infrastructure. This offloads a significant amount of upfront costs, and JT's SD-WAN solution is flexible enough to adapt to your business needs, no matter what size it is today or in the future.

2. Network Infrastructure Agnostic

Do you have multiple network connections, provided by multiple carriers, including MPLS, DIA and LTE, patched together and spread all over the globe?

Deploying JT’s SD-WAN allows businesses to manage, and even simplify their existing networks, all in one place. If you rely on several alternative networking services, integrating them with SD-WAN is not as complicated as it may seem – which means you can keep your existing networks when you start using SD-WAN.

3. Seamless integration with MPLS

For those looking to maintain an existing MPLS network, JT’s SD-WAN can easily sit 'over the top', integrating other connectivity options where required and enhancing traffic prioritisation through seamless path selection on specified routes as needed. This means that your MPLS solution can be integrated with JT’s SD-WAN, giving you the service you're used to without adding complexity, just simplifying visibility and control.

4. Insights & Intelligence Based Routing

JT's SD-WAN automatically prioritises routing by application or traffic type because it provides a layer of intelligence over your WAN. Being able to utilise and merge with all infrastructure options, MPLS, DIA, broadband or even LTE, new sites can be added to your network, quickly and efficiently. It's a solution that's as flexible and adaptable as you need it to be.

5. Built-in Security

JT's SD-WAN comes with built-in Unified Threat Management (UTM) and Next-Generation Firewall (NGFW) security. These solutions protect your data and applications across all your networks. It's a robust security solution from an industry pioneer in network security. JT's SD-WAN is also flexible enough to seamlessly incorporate third-party security solutions, service chaining your existing firewall into your new SD-WAN enabled network.

Take the next step

So, if you are considering the next steps in the evolution of your network, and want to talk through how that might look and what it might take to achieve, please contact us and let’s make that happen.


JT launch secure business service after successful hospital trial

Dr Chris Hare, Consultant Cardiologist, Jersey General Hospital, said: “I spent a full weekend on-call deliberately reporting all emergency scans from home. There were quite a few and they were complex. With JT’s SD-WAN, it was possible to review scans while patients were still on the table enabling rapid decisions about whether more was needed to be done or if they could return to their ward. With the system we had in place previously I would never have even considered attempting this, they were too slow, making it quicker for me to drive to work. But this new solution from JT is a gamechanger.”