Topwood Ltd
Freephone 0800 781 1066

FAQ: Why is using an ISO 27001 accredited firm my best guarantee?

UK law states that Data Controllers (office managers) who subcontract the handling of their data to a third party (a data processor) remain liable for that data. Data controllers must, therefore, be 100% sure that their processors have the proper processes and controls to protect their data. A data processor with ISO 27001 accreditation has been independently audited to confirm it has the relevant processes and controls. Read on to find out more.



What is ISO 27001?

ISO 27001 is an information security standard regulated by the International Organization for Standardization (ISO), which develops and publishes International Standards. This passage is taken from their website page: ISO/IEC 27001 - Information security management

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to be certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.

The ISO 27001 Certification webpage at BUREAU VERITAS describes the standard as follows:

ISO 27001 is the international standard related to information security management systems. It has been designed to allow you to assess your risk and implement appropriate controls preventing confidentiality, integrity and availability of information assets. The fundamental aim is to protect the information of your organisation from getting into the wrong hands or losing it forever.


What standards does ISO 27001 include?

Specific data handling standards include:
  • Shredding: EN15713
  • Scanning: BIP008
  • Storage: BS5454
  • Staff Vetting: BS7858

At Topwood, we were accredited with ISO 27001 in April of 2015. We are one of the only Confidential Document Management Companies in the West Midlands to have this standard. Does your shredding firm have ISO 27001?

GDPR – Are you compliant?

With the new General Data Protection Regulation due to come into effect in May 2018, it is increasingly important for all data controllers to ensure their data is being processed under the new guidelines. As part of this process, organisations are required to monitor all third-party data processors, such as shredding and storage companies, because they come into contact with, and have access to, individuals’ data. There are many opportunities for security breaches in any organisation.


Free No Obligation Quote

Please call free on 0800 781 1066 or email sales@topwoodltd - you might be surprised at how cost effective our services are!
