The ISO/IEC 27001 Information Security Management System provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Our Irish offices have worked through the planning and implementation of the system over the past 18 months. The NSAI undertook a two-stage audit of the four ROI offices in late 2017 and recommended RPS Ireland for accreditation.
ISO 27001 can provide a basis for evidence of compliance with the EU General Data Protection Regulation (GDPR), which will apply across all EU Member States and has significant implications for businesses operating within the EU market.
Connie Wiseman, RPS IT Director, said: “This is a huge achievement and the culmination of many months of work for the IT team here in Ireland and staff throughout the offices. The timing is great and puts us in a strong position as we approach the GDPR deadline of 25th May 2018.”
Key to implementing the new system is communicating to staff that every RPS employee is responsible for information security. The process has involved changing habits in relation to information security, from locking workstations when stepping away from the desk, to locking laptops away at the end of the day. A clean desk policy has been implemented across all offices to protect sensitive information and personally identifiable information (PII) in line with GDPR. It has required changes to our project filing system and numerous new privacy and security controls. Project managers and teams follow new procedures to ensure the security needs and expectations of all the stakeholders on their projects are considered and all PII is protected.
Information security and protection of personal data is a top priority for our public and private sector clients as the GDPR deadline approaches. Achieving ISO 27001 accreditation is confirmation that we can deliver and manage their projects securely.