ISO 27001 standard: the new future for Health?

With data breaches costing the NHS an estimated £73 million annually, will the ISO 27001 standard soon become a prerequisite?

The ISO 27001 standard is an instantly recognisable international certification. It provides a best practice framework for organisations to follow. It is an accreditation that can trace its origins back to 1995, when it was referred to as British Standard 7799. It has continued to evolve over the years to take into account the latest technologies and trends. In 2013 the latest revision of the standard was published, titled ISO 27001:2013; the update takes into account the current digital climate and what is needed to protect a client’s data within it.

Why ISO 27001?

To see the ISO 27001 standard is to see an organisation that goes the extra mile to protect its data and that of its clients. Between October and December of 2015, the Information Commissioner’s Office received nearly 500 cases relating to data security incidents. It is a worrying trend, but one that emphasises the need for best practice and for organisations to take their data seriously. Imagine if the NHS had patient records stolen, if the care home your relative lives in had all of its medical data stolen, or if your bank lost all the transactions relating to your business account. It is unthinkable, but it does happen.

The ISO 27001 standard outlines best practice and security procedures to organisations from the ground up, embedding a ‘best practice culture’. It helps avoid incidents such as those reported in the media, when employees lose memory sticks containing sensitive information, by defining where and when data can and should be accessed. It helps employees see data, and the need to protect it, every day, while also helping your organisation to be legally compliant with data security standards.

The British government adopted the ISO 27001 framework across all central government departments and is more likely to do business with organisations that also adhere to the framework.

Stand out from the crowd

The number of ISO 27001 certifications has grown steadily in the past ten years, from just over 1,000 organisations in Europe being accredited in 2006 to nearly 9,000 organisations being accredited in 2014. The rise in accredited organisations tracks the rise of digital data, with estimates suggesting that 90% of the world’s data has been created in the past five years. Smartphones, tablets and even smart watches create data, and the constantly evolving nature of this digital landscape means that information security has needed to evolve with it.

Having nearly 9,000 organisations compliant is a tremendous success; however, when compared to the number of registered companies operating in Europe, it shows that there is a long way to go.

With estimates placing the number of registered companies in Europe at more than 25 million, the potential for data breaches is astronomical. The ISO certification can help your business stand out from the competition.

With the average cost of each data breach estimated to be near to £107 per record, and the number of records going missing totalling 2,000 per day, we see a costly trend. Using these figures, we can estimate that data breaches cost the NHS more than £73 million each year, at a time when more and more scrutiny is being placed upon organisations. With these startling figures it is easy to see why ISO 27001 is increasingly becoming a prerequisite to doing business with Health/NHS services.

It is simple to argue that there is a distinct market value to ISO 27001 certification. It is financially prudent to protect your organisation’s data and to meet the legal requirements of nations in which you seek to do business.

Achieving certification is a valuable and visible proof of your organisation’s willingness to meet internationally-accepted data security standards. Achieving this international standard is not simply marketing: as nations implement their own regulations regarding data protection comparable to the DPA, the ability to prove that your organisation complies with ISO 27001 is likely to open business opportunities across the globe.

Don’t get left behind

OLM Systems’ Hytec division can help. Hytec have been providing specialist information governance and security to organisations for more than 10 years. Since 2006, Hytec have been a member of the British Standards Institution (BSI) and employ consultants with considerable experience in assisting organisations to achieve the ISO 27001 Information Security Standard.

Hytec take each request individually and have a proven track record of helping high profile customers to gain the ISO 27001 accreditation quickly and cost effectively. Services are tailored to the needs of each individual client, so that the final solution feels unique and personal; many organisations have internal teams ready and capable of doing the majority of the ISO 27001 discovery.