CNS Group have attained the ISO27001
standard across the whole of the group. While CNS Group has achieved many accreditations, and have been performing services to HMG IL4 standards for many years, the Board decided to lead by example and attain the standard for both CNS Hut3 and CNS Mosaic.
Jason Moody, Managing Director of the company stated “CNS Group decision to acquire ISO27001 certification was a simple one – as a leading provider of consultative security and information assurance services our commitment to protecting the confidentiality, integrity and availability of customer data remains absolute. Crucially, obtaining the certification has helped us to demonstrate this commitment to customers and business partners alike whilst also helping us to offer clear value differentiation in a busy market space".
The project was lead by Alex Radford, Head of GRC at CNS Hut3 (himself an ISO27001 Lead Auditor). He added "clearly being an ISO27001 Lead Auditor house has helped us streamline our accreditation. We applied the same process and procedures that we do to our customers and showed how efficiently and effectively the standard can be achieved with the right investment and resources. CNS are a good example of any small to medium sized company wishing to achieve this invaluable standard; planning is imperative, board buy-in crucial and a company-wide willingness to uphold policy of the utmost importance".
As CNS Group had nearly all of the controls and processes in place; the project was swift. In all taking about 5 weeks from beginning to end.
Moody continued "Implementing an Information Security Management System (ISMS) ensures that the policies and procedures, including all legal, physical and technical controls involved in maintaining our information risk and management processes, remain wholly relevant, cost effective and able to support the long term services strategy of the business.
Interestingly, our own ISO27001 Lead Auditors believe that participating in their own employer’s certification process has helped them to gain a heightened level of empathy for customers doing the same. As a direct consequence, we have revisited and fine-tuned our customer education and knowledge transfer processes which together remain a key success factor in helping our customers to achieve and maintain the certification.
In short, we firmly believe it the obligation of any modern day security practice to hold the ISO27001 certification or else have plans in place to obtain it. We really are so very proud to have met the standard at 1st pass.”