RedTie, a premier Web to Print software provider for online sales, announced that it had been granted ISO 27001 by UKAS accredited BSi.
ISO 27001, which has the full name of ISO/IEC 27001:2005 - Information technology – Security techniques – Information security management systems, is an internationally recognized standard that has data security at its core.
Ben Thomson, Operations Director of RedTie, says “This project started nearly 2 years ago when we identified that operating as a cloud based service provider meant that data security was increasingly becoming a requirement for the end users of our platform. This was made especially clear when one UK government owned customer of RedTie advised that it was going to be a requirement that all of their suppliers who store data on their behalf would have to have this standard.”
With a number of high profile security breaches for cloud based companies in 2010, customers and end users are becoming increasingly aware that data security should be top priority for their service providers. RedTie, in gaining ISO 27001 certification, has now been recognized as following best practice for how they deal with all aspects of data.
Ben goes on to say “It is amazing how far we have come since starting the project and how encompassing the standard is. Having been through the process I don’t think I would want to allow a company to store my confidential information if it had not successfully been through this process”.
Not all ISO 27001 accreditations are the same however, there are many certification companies operating around the world that are not accredited by the equivalent of UKAS which is the only UK accreditation service recognized by the British government. Without this accreditation there are concerns that short cuts are being made by companies in order to obtain the standard and there are numerous articles online suggesting that ISO 27001 certificates from companies that have not been accredited by an internationally recognized body such as UKAS are not worth the paper they are written on.
Ben summarizes this point by saying “RedTie has done it the right way and it is important that customers don’t just take the fact that a company has ISO 27001 at face value. They should ask to see who performed the certification and ensure that the company who certified them is on one of the internationally recognized bodies lists of recognized accreditation companies”.