Debt technolgy firm, Trustfolio, has announced that it has achieved certification to ISO 27001, the international Standard for Information Security Management Systems (ISMS).
In order to achieve ISO 27001 certification, organisations are required to develop and implement a comprehensive set of policies, procedures, and controls to manage their information security risks. A key aspect of ISO 27001 is that it is based on a continuous improvement model, where the ISMS is regularly reviewed and updated to ensure its ongoing effectiveness and to ensure the ongoing ability to respond and adapt to new and evolving risks.
Trustfolio was assisted in developing its ISMS by ISO 27001 specialists URM Consulting Services. Lisa Dargan, Director of URM said “The process was made far easier by the fact that Trustfolio had an excellent foundation to build on. The organisation already had a comprehensive set of information security policies and processes which we were able to modify and adapt to specifically meet the requirements of the Standard. We also found a strong security culture and demonstrable management commitment, along with a dynamic and responsive approach to dealing with required changes and corrective actions.”
The UKAS-accredited certification body selected to assess Trustfolio’s ISMS was QEC and Gavin Warran, QEC’s Operations Manager, said “During the 2-stage assessment process, Trustfolio was able to demonstrate to the assessor that it has implemented a robust and effective ISMS that fully conforms with the requirements of the ISO 27001 Standard.”
Lou Yates, Co-founder and CEO of Trustfolio said “As a leading provider of superior debt solutions through powerful, bespoke technology, information security is of paramount importance to Trustfolio. This includes the secure, efficient transfer of sensitive data from one location to another within the insolvency and related sectors. By achieving ISO 27001 certification, we have demonstrated our ongoing commitment to safeguarding our customers’ confidential and sensitive information and ensuring the integrity and security of our operations. We believe this provides further reassurances to our customers, partners and other stakeholders of our commitment to information security.”