February 2023 saw our UK office take part in a rigorous ISO 27001 audit, testing our information security, cybersecurity and privacy protection. After a week of reviews, assessments and interviews, it gives us great pleasure to announce that we are recertified with ISO 27001!
We first achieved this certification in 2016. ISO 27001 demonstrates our commitment to keeping our client, partner, and employee data secure, certifying that we have implemented and maintain the key technical, organisational and security measures the standard requires.
What is ISO 27001?
The International Organization for Standardization (ISO) brings together experts to develop international standards that support innovation and provide solutions to global challenges. An independent organisation with a membership of 167 national standards bodies, ISO provides a platform for developing practical tools to aid business operations.
Unprotected systems are vulnerable to attack, putting confidential data at risk. ISO 27001 certification attests that the necessary controls and procedures are in place to protect the information of our clients, trading partners and employees. The standard also requires continual improvement: ongoing monitoring, updates and reviews keep risk under control rather than simply documenting it once.
How was our audit conducted?
Over five days, an ISO auditor was welcomed into our UK office to carry out an extensive examination of our systems and processes. Several employees were interviewed, our systems were scrutinised and evidence was gathered.
Andrew Mycroft, K2 Network Support Officer, explains:
“The accreditation requirements cover a wide range of IT-related topics such as access control, network security, data backup and recovery, and incident management. Adopting the ISO 27001 standard ensures that our information systems and data are protected from potential threats, and can help build trust with customers, partners, and stakeholders.”
As the audit drew to a close, K2 waited in anticipation for the verdict. We are now able to share the words of the auditor himself:
“Completed: recommended for recertification. No nonconformance reports. Great systems, great people, great company.”
Despite the unrelenting nature of the audit, we have no corrective actions to carry out. K2 passed with flying colours: no major or minor nonconformities, and not one OFI (Opportunity For Improvement).
Linda Rafferty, Global Head of Compliance and ESG, elaborates:
“This achievement demonstrates how we assess risk: we are a proactive organisation around threats – not a reactive one. We do what we say we do, our policies are not mere words on a page. And to hear that our employees are well trained in and genuinely care about information security, on top of our culture that ‘shines through’… we know K2 is a great place to work, but for it to be recognised by an independent auditor speaks volumes.”
What does this mean for K2?
Not only does ISO 27001 confirm that K2 already has the measures in place to protect the information of our clients and partners, it also increases our resilience to cyber-attacks and breaches in the future. With a centrally managed information security management system that governs how information is handled across the business, that protection spans all twelve offices across nine countries.
A massive congratulations to Linda, Andrew and our IT and Development teams for an ace audit! This is yet another example of the true collaborative spirit we possess at K2. Globally, everyone understands their part in keeping data safe, and knowing we are accountable for the data we handle is what enables us to retain certification year on year.
You can learn more about our existing ISO 9001 and ISO 14001 certifications here.