With the news that CDEC has received ISO 27001 accreditation, Spiros Andreou, information security manager, considers the role of ISO in the light of the coronavirus pandemic and how it can help companies to rehabilitate and stand out in an uncertain world.
The impact of the coronavirus pandemic on businesses has been vast; from those organisations that have been left unable to trade indefinitely, to those that have had to swiftly move to a working from home scenario, the financial and human implications will be felt for some time to come.
Businesses have also taken risks during the crisis to keep money coming in, whether that’s developing and releasing software rapidly, making quick, reactionary decisions without the calm of planning, or even changing their whole business model (for example from eat-in to home delivery). All of these have implications for data security; however, looking ahead, the largest change to manage will be the human change.
Around 7.5 million people have been furloughed in the UK alone, and although furlough is a source of some security in the short term, it is yet to be seen how those employees will respond to what is likely to be another rapid change to their circumstances when it is deemed they are able to return to work. Many furloughed staff will return with different mindsets, motivations and mentalities. Some may not have worked for several months, not knowing if they will have a job to go to, and they will likely find their workplace vastly changed, with new cultures, working practices and processes implemented.
The impact on those employees who have continued to work throughout the crisis also shouldn’t be underestimated; where organisations have run a caretaker management team, for example, those individuals may be burned out, tired and yet still be expected to communicate a great deal of change and new procedure with incoming team members. With so much fragility and uncertainty among these two groups it seems likely there will be confusion, differences of opinion and possible discord between team members, adding to what will be a very challenging commercial landscape for AV in the coming years.
Add in the fact that the whole organisation may have transitioned to a new model, of which remote working may be just the tip of the iceberg, and businesses should consider the very serious task of rehabilitating both the caretaking team and staff who were furloughed, acknowledging that some staff may not readjust.
But what role do ISO and the international standards it develops have to play in this changing landscape? In the quiet return-to-work period, organisations have an opportunity to address both the commercial challenges and the internal changes they’re facing through the adoption of industry-standard management systems, such as the ISO 9001 quality management system and the 27001 information security management system.
ISO 9001 is focused on process and demonstrating the auditability, accountability and maturity of those processes. Collecting new and changed processes together, managing any future change and improving when things go wrong are all part of the spirit of this standard. Businesses that achieve ISO 9001 accreditation demonstrate a commitment to carefully managing process, and the implementation of this standard can be a project that both the caretaking team and furloughed staff can rally around – defining what a process now looks like, measuring its performance and contributing collectively to its maintenance.
Likewise, ISO 27001 is centred on information security – auditing systems that may have been changed or developed during the pandemic, ensuring that governance and accountability are brought back to tools, data and workflows, and providing assurance to both customers and management that both business and customer data is being held and processed responsibly. Given that the rush to develop remote working strategies may have resulted in tools being chosen and implemented quickly and policies being developed on the fly, highlighting that data security remains high on the agenda will be crucial if trust is to be maintained going forward.
Indeed, ISO accreditation can be seen as a sign that a business has weathered the storm and can be relied on to manage contracts long term, transact securely and survive in a world of growing uncertainty, making it an invaluable tool in the current environment.