As the head of information security at virtualDCS, a company that takes pride in its ability to securely host customer data on its UK infrastructure, I oversee our daily efforts to safely handle hundreds of thousands of transactions from clients across the globe.
This position gives me a unique insight into what customers desire, and what they ought to demand from their suppliers—trust.
Because we ask that each and every one of our clients trust us with their most valuable asset, a core pillar of our security programme is the external audit and accreditation of our capabilities: independent reviews of our performance and systems that give customers confidence in their hosting provider.
The most important of these external reviews is a globally agreed standard on information security management systems, called ISO/IEC 27001:2013.
What is ISO27001?
For those not familiar with this standard, it is essentially a set of technical and business controls, which collectively ensure that we’re managing your data in the most secure way possible.
These controls govern almost every aspect of our business, ranging from how we securely destroy data, through to how we procure cleaning materials.
In total, we implemented 123 out of 130 recommended controls. The only controls that we left out of our security plan were those that didn’t apply to our business.
What exactly was accredited?
Unlike many others, we had the entire company accredited.
If you’re familiar with any international standard, you’ll know that many companies that ‘accredit’ to one simply scope a ‘broom cupboard’. That is, a hosting company chooses to accredit the staff canteen, whilst proudly parading its certificate to hosting customers.
We are as annoyed about this as you, a consumer of this industry’s products, are. To that end, our scope is:
The provision of safe and secure cloud hosting services.
In other words, our entire company is within scope, and has been accredited as being compliant.
We’re accredited, but whom did we choose to audit us?
We chose the British Standards Institute to audit our security management system. Not only does the BSI brand inspire confidence, but the organisation and auditors demonstrated in-depth knowledge of our industry, and understood the unique challenges of maintaining a virtual hosting environment.
They will continue to audit us at regular intervals throughout our 3-year accreditation period.
What does this mean for you?
Whether you’re speaking to one of our support engineers, meeting with our technical consultants to discuss a sensitive project, or hosting your organisation’s data with us, you can be sure that we’re handling the security of your information in a robust, transparent, and independently verified way.
Naturally, our team is on hand to answer any questions that you have. Drop us a line, or email the support team.