Here at Topwood, we are pleased to announce that we have recently renewed our ISO 27001 accreditation for another year. ISO 27001 is an information security standard regulated by the International Organisation for Standardisation. The standard accreditation includes data handling standards such as shredding EN15713, scanning BIP008, storage BS5454 and staff vetting BS7858.
It is more important for organisations to make sure they are using reputable waste disposal companies in order to be compliant with the new GDPR guidelines. The new Data Protection Act being introduced in 2018 will place more liability on data processors, which means the controller/processor contract becomes more important to the data processor. The contract must include details about the duration, nature and purpose of the data processing. However, a contract does not have to tie you into a long-term commitment, so be careful of what you sign!
A key thread in the new Data Protection Act is the ability to demonstrate compliance. By choosing an ISO 27001 accredited firm, storage, scanning and shredding services are conducted to the highest security standards in the industry and a full audit trail is provided, including a certificate of destruction after shredding. Failure to comply could result in breaches and ultimately fines of up to 4% of annual global turnover for the most serious breaches.
ISO 27001 ensures that appropriate measures to mitigate data risks within GDPR guidelines have been taken and ensures a continuous improvement of controls, procedures and policies, as well as promoting a culture of awareness of information security to its stakeholders, embedding the highest level of security across all areas of the business.
Please click on the image below to see a copy of our renewed ISO 27001 certificate.
If you would like to know more about how to prepare for GDPR and data destruction, please see our 5 step guide or contact us through our live chat.