Business services company Grass Roots is celebrating its achievement of ISO 27001 – the industry standard in Information Security Management. This internationally renowned accreditation confirms that a business is storing and transferring information according to best practices which ensure confidentiality, integrity and availability. There are some 450 companies in the UK that are certified to the demanding standard. Grass Roots is one of very few suppliers in the incentives and reward and recognition area to be compliant.
To maintain the accreditation, a business must subject itself to rigorous biannual external audits. Companies must prove they have adequate information security measures in place, a management team that is accountable and a process for raising security incidents.
Any member of staff must be able to explain why information security is important, know the basic levels of document classification and be able to locate and refer to the company’s information security policies.
“We hold and manage vast quantities of data on behalf of our clients”, commented Grass Roots Managing Director, Andy Lister. “The issue of security is never far from the headlines. At Grass Roots, we have always prided ourselves on robust processes and gaining this accreditation is a further sign of our commitment to maintaining the highest possible standards where our clients’ customer, employee and channel partner data is concerned.”
In addition to ISO 27001, Grass Roots, which recently celebrated its 30th anniversary, also holds the quality management standard ISO 9001:2008 and is currently working toward the environmental impact standard ISO 14001.