November 2023
NSFT has recently achieved a globally recognised standard for our information security management, further demonstrating our commitment to protecting the sensitive information we work with every day.
The standard, ISO/IEC 27001:2022, provides a systematic and structured approach to managing and protecting sensitive information within an organisation. It requires organisations to implement a comprehensive set of policies, procedures, and controls to manage information security risks, and ensure the confidentiality, integrity, and availability of information.
The benefits of achieving the new standard are:
- Resilience to cyber-attacks
- Preparedness for new threats
- Data integrity, confidentiality and availability
- Security across all supports
- Organisation-wide protection
What is ISO/IEC 27001?
It’s a globally recognised standard for information security management. It was developed jointly by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). The standard is designed to be flexible and can be applied to organisations of all kinds and of any size, from small businesses to multinational corporations. It provides a comprehensive framework for organisations to manage and protect their sensitive information, reducing the risk of data breaches, cyber-attacks, and other security incidents.
Who needs ISO/IEC 27001?
Nowadays, data theft, cybercrime and liability for privacy leaks are risks that all organisations need to factor in. The ISO/IEC 27001 standard enables organisations to establish an information security management system and apply a risk management process that is adapted to their size and needs, and scale it as necessary as these factors evolve. The benefits of this standard have convinced private, public and non-profit organisations to adopt it.
How will ISO/IEC 27001 benefit NSFT?
Implementing the information security framework specified in the ISO/IEC 27001 standard helps NSFT to:
- Reduce vulnerability to the growing threat of cyber-attacks
- Respond to evolving security risks
- Ensure that assets such as financial statements, intellectual property, and staff and patient data remain undamaged, confidential, and available as needed
- Provide a centrally managed framework that secures all information in one place
- Prepare people, processes and technology to face technology-based risks and other threats
- Secure information in all forms, including paper-based, cloud-based and digital data
- Save money by increasing efficiency and reducing expenses for ineffective defence technology
You can find out more about the ISO/IEC 27001:2022 standard via this link.
You can view the certificate: NSFT British Assessment Bureau Certificate [pdf] 336KB