Global Voice Group (GVG) has recently achieved the ISO 27001 certification, in compliance with the highest industry standards. ISO certification is delivered by an accredited third-party body to officially confirm that a company operates as per one of the international standards developed and published by the International Organization for Standardization (ISO). More specifically, ISO 270001 is “the world’s best-known standard for information security management systems (ISMS) and their requirements.”, says the ISO. In this blog, Laurent Sarr, GVG’s Chief Technology Officer, answers five questions about this standard, the related benefits and requirements, and GVG’s rationale behind seeking the certification.
Could you tell us about the ISO 27001 standard and its related standards in the ISO 27000 family?
ISO 27001 is an internationally recognized specification for an information security management system. It forms part of the ISO27000 category, which covers best practices in data protection and cyber-resilience.
Data is big business these days. Companies and organizations collect and process significant amounts of data on a daily basis. Data protection is therefore a crucial consideration for them. Indeed, if they do not protect the data optimally, they expose themselves to risks such as security violations and financial losses. Furthermore, their reputation might be at stake.
The ISO, therefore, created the ISO 27001 standard, which is the only one that deals with the overall management of information security, without limiting itself to the technical controls to be implemented.
What requirements do companies need to meet to obtain the ISO 27001 certification?
Any company needing to formalize its business processes in relation to data security and privacy would greatly benefit from applying for ISO 27001.
To obtain the certification, companies need to show that they are committed to following the relevant strict rules and processes, with a view to continuously improving, developing, and protecting the data they handle.
To do so, their first step would be to create an ISO 27001-compliant information security management system. This involves carrying out a gap or risk assessment, following which the company will be able to identify and implement the necessary security measures. Once it has done this, it can have the system certified by an accredited certification body. Finally, the company must be ready to maintain and continually improve the system.
More specifically, as far as GVG is concerned, which processes does this certification validate?
The ISO 27001 certification procedure established the fact that GVG complies with all the data security requirements.
This means that we have the capacity to ensure the security, integrity, confidentiality, and availability of the data, whether this data is in a hard copy or digital format. And the security of the data depends on our ability to effectively counter cyber-attacks, securely centralize all data, ensure the protection of the company against technology-based risks and other threats, adapt to new security threats and select the most appropriate protection technology. Incidentally, making use of the right technology helps cut costs, which is also one of the ISO 20071 certification criteria. The certification shows that GVG ticks all the boxes in that respect.
I would also add that the ISO 27001 certification validates the information systems supporting the processes for the monitoring of digital transactions, the latter representing one of our core activities. But to summarize, the procedure validated all the IT processes and systems behind our platforms. This confirms that our information and monitoring systems are consistently compliant with the highest industry standards.
What prompted GVG to apply for this certification?
GVG always demands and works to, the highest standards of quality and security. We specialize in the collection and analysis of huge volumes of often sensitive data to support the decision-making processes of governments and their agencies. It is therefore essential for us to be able to offer our customers reliable data and to assure them that our data handling processes are fully compliant with best industry practices. And what better way to do so than to present them with the ISO 27001 certification as formal confirmation? That is the first reason why we decided to apply for certification.
The second reason is to enhance our competitiveness in tenders. Indeed, we get most of our contracts through tender processes, and some countries do require the ISO 27001 certificate as a prerequisite for qualification. Furthermore, the tender process must by definition be clean and transparent, and it is important for us to meet all the requirements in that respect.
The ISO 27 001 certification testifies to our commitment to the highest standards of data security. It also shows our clients, partners and other stakeholders that their data is safe with us.
What benefits will GVG and its stakeholders derive from this certification?
From our stakeholders’ perspective, the ISO 27001 certification gives them the assurance (and reassurance) that we are committed to consistently ensuring the security and protection of the information or data we process. It also confirms that we make use of an information security management system that is in line with information security best practices. I believe this will help strengthen our existing partnerships and build new mutually beneficial ones.
For us as a company, the certification means that our data security processes have been externally and independently verified as meeting all the requirements. Furthermore, the procedure has been a very interesting and stimulating data protection enhancement exercise, which is crucial in our activity.
I would also like to add that the certification has been received in four different languages – English, French, Spanish, and Portuguese -, which supports the company’s market expansion strategy across multiple geographies.
In conclusion, I would like to stress how valuable the certification procedure has been for us as a company. From an operational perspective, it has required us to review and optimize our data security and privacy processes, for our own benefit as well as that of our stakeholders. We are proud to have been able to demonstrate our commitment, effectiveness, and technological readiness in that respect. And from a business perspective, we look forward to presenting our stakeholders, and the industry at large, with this formal recognition of our dedication to data security.
Want to read the latest interview with our Technology Director on Revenue Assurance? Click here.