Barts Cancer Institute (BCI) IT Department has been awarded the ISO 27001 certification, which is the international standard that sets out the specification for an information security management system. Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.
Araripe Garboggini, Barts Cancer Institute’s Information Governance Lead, said:
“This is an important certification for the Institute, and recognises our ongoing commitment to ensuring the security of the data we hold. It helps to avoid data breaches and financial penalties. This is particularly important for organisations like ours, which deal with sensitive data, such as patient information.”
Outlined below are some reasons why the ISO 27001 certification is so important:
Through implementation, the Institute gains a clear understanding of its own security landscape and of the most up-to-date digital defence mechanisms.
ISO 27001 demonstrates that an organisation has identified risks and put in place preventive measures to protect the organisation from information security breaches.
Under the EU’s General Data Protection Regulation (GDPR), the Information Commissioner’s Office (ICO) in the UK can now issue fines of up to 4% of a company’s annual turnover, or €20 million (whichever is greater) for the worst data breaches.
Qualified auditors seek to address risks in order to mitigate security breaches. They map out goals and objectives in an actionable approach to define data security responsibility across the organisation.
A good control describes how all relevant legislative, statutory, regulatory and contractual requirements, together with the organisation’s approach to meeting them, are identified, documented and kept up to date for each information system and for the organisation as a whole.
ISO 27001 strives to keep its users ahead of the latest changes in technology. In the ever-evolving world of cyber security, this is very important as the organisation is reassured that, with the help of ISO 27001, it will always be able to meet new requirements and obligations.
The ISO 27001 certification is internationally recognised and externally assured, conveying to “customers” that the organisation is credible and trustworthy.
It will automatically improve customer confidence through its demonstration of the organisation’s commitment to cyber security and compliance with legislation such as GDPR.