ISO/IEC 27001 standard – standardisation of information security management systems

26 March 2021

Our firm has recently been certified by the British Standards Institution (BSI) as an organisation which has implemented the Information Security Management System in compliance with ISO/IEC 27001:2013.

The certificate confirms our efficiency and effectiveness in supplying HR, payroll and combined HR & payroll services to third-party clients, in administration and front desk services, as well as in the implementation of HR processes for our own and for other Rödl & Partner group companies' purposes. BSI was established in 1901 and it is all about international standards.

What is ISO/IEC 27001

ISO/IEC 27001 is an international standard providing requirements for establishing, maintaining and continually improving information security management systems. It is a collection of good practices in data security management to ensure data security.

The standard deals with information security among others in the following areas:

• security policy;
• organisation of information security;
• human resource security;
• management of information security incidents.

Why did we choose the ISO/IEC 27001 standard

It is an international standard which matches Rödl & Partner values, and one of them in particular: top customer service, up to highest standards. The BSI ISO/IEC 27001 certificate will increase our clients’ security.
Relatively few organisations in Poland and in the world meet the requirements set by the standard. Still too few organisations know how to implement processes related to information and document – i.e. client’s assets – management.

By obtaining that certificate we wanted to emphasise that as Rödl & Partner employees we deal with our clients’ sensitive data and the security of that data is of utmost importance to us.

BSI ISO/IEC 27001 certificate in practice

Certification to ISO/IEC 27001 adds great value to the firm’s internal processes. It helps organise the procedures in place. It provides employees with clear standard procedures to follow in each of the information security areas. And, most importantly, it is a tool for internal control – it shows where the organisation stands in terms of data security measures.

However, before we obtained the certificate, we had to prepare for the process. Now we know that the adopted solutions are indeed top-notch.

BSI certificate expiry date

BSI  ISO/IEC 27001 certificate is valid for 3 years. An independent certification agency performs an audit/inspection at least once a year and checks whether the procedures comply with the standards.
Working on the information security management system does not end after obtaining the certificate. What is most important is continuous improvement and maintenance of the certification in the following years.

What does ISO/IEC 27001 mean for our business

ISO/IEC 27001 is a very important tool for improving the firm’s security system. Meeting the requirements imposed by ISO/IEC 27001 standard and getting certified means that the firm ensures information security.
The BSI ISO/IEC 27001 certificate confirms Rödl & Partner’s efficiency and effectiveness on the consulting market.