The surprisingly low cost of storing information electronically has meant that businesses are holding increasing amounts of personal information. While it has been shown that these types of digital files are more secure than paper file storage, there will always be a concern about their protection. This is particularly interesting with data protection being high on the agenda of most businesses.
ISO 27001 Information Security
Because Datascan work with sensitive personal information we had to ensure our systems went above and beyond a normal business when it came to data protection. In early 2017 we began our journey to get certified to ISO 27001 Information Security Management. We needed to ensure that our clients information was kept secure at all stages while in our care.
Having digital files makes it easier to audit information, this is one reason our clients have us scan their documents. When GDPR came into place, they were in a better position to ensure compliancy. Data protection control requires information on what types of personal data is held, what format it is in, why it is being stored and for how long. It is much easier to answer these questions and others on access control when you have digital files. A major part of our journey to ISO 27001 was exploring these questions on data protection and ensuring our processes had us covered and protected our clients.
As part of our certification we also had to look at physical security of our premises. With our CCTV, biometric access, and management security background we were already covered in this respect. Security when collecting and transporting data was another area we had to test and strengthen with encryption and other layers of security. We also had to look at our IT Infrastructure from a security point. Our long standing managed IT service providers had us well covered with layers of security from anti-virus software and firewalls to secure cloud storage and beyond. All were tested during the audit.
ISO 27001 is an information management standard approved by the International Organisation for Standardisation. If a body is certified to be ISO 27001 compliant, it demonstrates compliance with the security requirements of the Data Protection Acts. Datascan Document Services are proud to be certified to ISO 27001 for the protection of our data and that of our clients.