We are pleased to confirm Legalesign's successful 3-year re-certification for ISO27001, the ISO standard for data protection. This ISO provides Legalesign with a management framework for responsible data protection management and continuous improvement.
The ISO 27001 tests the business for its processes, policies and procedures against a comprehensive set of requirements. The ISO is fundamentally a formal framework of requirements coupled with a risk management process. Those two elements, combined with a continuous process of internal and external audit, provides the business with rigorous data procedures and ensures continuous improvement in data security going forward.
For Legalesign the ISO is an important component of our offering and, alongside our Cyber Essentials certification (another external audit in this case of our cyber defences), both demonstrate and signal our commitment to customer data protection.
The ISO has ensured, for example, that we deliver on-going security training to our employees, that we have controlled processes to engage employees and leadership, that our operational procedures remain strong and responsive to change, and much more. The ISO ensures controls and change are implemented in a measurable way, so we can build and improve what we do over time, and most importantly so customers can be sure our data security is up to standard now and into the future.
The 3-year audit is a full re-certification rather than an interim surveillance audit. It is timely. The arrival of the GDPR and the general increase in security awareness, driven by an increase in reported cyber-crime incidents, has seen the issue of data protection pushed firmly to the top of the IT news agenda, and moves data protection as a key factor in any software buyers decision-making.