HANDD Achieves ISO27001:2022 Certification
HANDD has recently transitioned successfully from the ISO27001:2013 to the ISO27001:2022 version of the standard. This means we continue to be certified by UKAS for “The provision of data protection consultancy, training, incident response, cyber security, system design and implementation services”.
While transitioning to the 2022 version of the standard is a UKAS requirement, it also makes perfectly good sense for HANDD to do so for the following reasons:
- Staying current with best practices – the ISO27001 standard is regularly reviewed to ensure it remains relevant and aligned with the ever-changing digital landscape.
- Enhanced security – the updated standard now has tighter provisions around cloud services and data privacy as well as considerations for environmental issues. These are all typically important for our customers and partners.
- Improved Risk Management – streamlined compliance and strengthened IS management systems lead to better overall risk management.
- HANDD’s commitment – transitioning demonstrates to our customers and partners our commitment to information security.
As well as the typical recommendations and opportunities for improvement made in our external transition audit, HANDD also received a very much atypical “Best Practice” commendation for its ISMS scoping. Here is what the UKAS/NQA assessor had to say:
“BP01 – The organisation’s fully detailed and realised approach to determining and recording the boundaries and applicability of its information security management system, establishing its scope within the documented ISMS scope, is considered to be a sign of best practice in this area.”
While reviewing the ISMS in the months leading up to our assessment, HANDD’s management took the opportunity to review our related objectives. One of our key ISMS objectives is to ensure that customers can easily satisfy themselves that HANDD is serious about its security commitments when choosing our products and services. To this end, we have taken the decision to classify as many of our ISMS documents as we can as public – which means we will now share most of our policies with you upon request. We hope this will save you effort and expense when it comes to performing your due diligence, because we face the same challenges when performing our own.
Finally, here is our Chief Executive’s Statement of Commitment to our Information Security Policy:
“As a company, information processing is fundamental to our success and the protection and security of that information is a board level priority. Whether it is employee information or customer information we take our obligations under the GDPR and Data Protection Act 2018 seriously. We have provided the resources to develop, implement and continually improve the information security management appropriate to our business. We require all personnel to apply information security in accordance with the established information security policy, policies and procedures of the organisation.”