Winningtemp is now ISO 27001 and ISO 27701 certified!

Author: Abtin Kronold
Date Published: May 2022

Your information is protected according to leading international standards

Winningtemp is now ISO 27001 and ISO 27701 certified 🎉. We've always ensured that your data is safe, and now we have the certification to prove it! This means we comply with rigorous best practice standards to protect your information and keep your data private, developed by the best and brightest information security experts.  

As your tech environment grows more complex and your organisation more interconnected — the direction of travel for almost every business — your data gets spread over more systems. That’s great for heaps of reasons (like being able to use Winningtemp to transform your employee experience and drive engagement, productivity, and retention 😉…) but it also means you need to engage with partners who meet international standards like ISO 27001 and ISO 27701 that will keep you and your customers safe.

  • Manage data risks to protect against costs and damage
  • Establish secure data transfer between your systems  
  • Ensure your tech stack works better together
  • Comply with various data security legislation like GDPR
  • Promote a culture of data security
  • Protect your employees’ data – and maintain their trust
  • Easier, faster IT sign-off for our tech ;)

Let’s dig into the details.  

What is ISO?

The International Organization for Standardization (ISO) is an independent, non-governmental organisation that sets international standards across almost every element of technology and manufacturing. Nearly 25000 international standards, plus 100 more each month, actually.  

ISO say, “an International Standard is a document containing practical information and best practice. It often describes an agreed way of doing something or a solution to a global problem.”  

ISO standards exist to:

  • Make products compatible
  • Identify safety issues
  • Share ideas, solutions, and best practices

For example, there’s a reason you can buy standard A4 size paper for your printer and trust it’ll work without faff: ISO 216. Or why your credit card always fits into the card machine effortlessly: ISO 7810.

With member bodies representing 167 countries and over 800 technical committees and sub-committees developing standards, ISO has truly global reach. The ISO certifications are expert-led and developed from a non-profit, neutral perspective with no vested interests apart from the common good.

Which brings us onto our specific ISO certifications: ISO 27001 and its extension, ISO 27701.

What is ISO 27001?

If you’ve worked in the tech space this is probably familiar to you. It’s the ISO certification focussed on information security, and essentially provides a framework to help organizations protect their information properly. And in this case, not just ours but yours.

The bad news:
46% of businesses report experiencing cyber-attacks in the last 12 months. Of those, 19% have lost money or data and 39% were negatively impacted, for example, with wider business disruption.  

The good news:

Although the number of reported cyber-attacks has remained similar since 2017, the proportion of businesses experiencing impact has fallen by a fifth. ISO 27001 is a major part of this success story.  
Gov.UK

To comply with ISO 27001, organisations create an Information Security Management System (ISMS) – system in the sense of ‘systematically’. It’s a “set of rules” around how we manage risk and protect information security.  

What does protecting information mean?

ISO 27001 aims to protect information in three ways:  

  1. Confidentiality. Only authorised people can access the information.
  2. Integrity. Only authorised people can change the information.
  3. Availability. Authorised people can access the information whenever they need to.

Those three things matter because they mean:

  • Nobody unauthorised can access your information – like rogue organisations scraping employee data for recruitment purposes.  
  • Nobody unauthorised can change your information – like ex-employees retrospectively deleting data because of a personal grudge.  
  • The people who need data can access it – so your teams won’t be stuck twiddling their thumbs waiting for permissions they should have.  

How did Winningtemp get ISO 27001 certification?

Gaining an ISO certification is a rigorous process, guided by an external accredited certification body – ours was LRQA. To achieve ISO 27001 certification, we worked with TransPrivacy to build a comprehensive risk management system to protect our and your information.  

That essentially involved scrutinising everything that could go wrong, implementing appropriate safeguards to protect against those scenarios, and continually measuring the performance of those safeguards to ensure they’re always improving.  

Next up, ISO 27701…

What is ISO 27701?

ISO 27701 is a data privacy extension to ISO 27001. It was specifically developed with compliance with GDPR and other data privacy requirements in mind. Experts from, among others, the CNIL (the French data protection authority) actively contributed to this standard, with support from the European Data Protection Board.

Where ISO 27001 required us to create an ISMS, ISO 27701 requires a Privacy Information Management System – PIMS. ISO 27701 provides a framework for organisations to protect Personally Identifiable Information (PII) and represents state-of-the-art privacy protection.

What is PII/Personal data?

Personal data or PII is any information related to an identified or identifiable person – which could be as simple as name, driving license, or medical records but could also include stuff like IP address. It’s a broad term because it doesn’t only refer to direct identification – like someone’s name. It also means information can be classed as PII/personal data if in combination the information could identify an individual.  

Why does protecting PII/personal data matter?

Protecting your people’s personal information is important because loss can cause substantial harm, like identity theft or fraud. It’s also a major breach of trust, which can have long-standing implications for employee engagement – the exact opposite of what we want to achieve!  

How did Winningtemp get ISO 27701 certification?

As with ISO 27001, we worked with TransPrivacy to build a comprehensive system for keeping your personal information private.

The process was very similar. We evaluated the risks to personal information, outlined appropriate controls and safeguards to manage that risk, and now we measure the performance of those safeguards to ensure they’re always up to scratch.  

Compliance with both ISO 27001 and ISO 27701 is an ongoing process, so it’s not something we set and forget. Rather, we’re continually involved and invested in keeping your information secure and data private.  

When we work together, we handle lots of your data – that’s how we can have such a transformative impact on the employee experience. You need to trust we’re protecting that data properly, so your people can trust you’re protecting theirs. Our ISO 27001 and ISO 27701 certifications mean you know we have world-leading privacy protection.

Winningtemp empowers you to intelligently check the temperature of engagement across your business, to transform your employees’ experiences. Watch the two-minute demo video here.

Abtin Kronold
About the Author
TransPrivacy helps companies and organisations to go beyond compliance - they help put customer privacy at the forefront of their operations while ensuring business growth. TransPrivacy was founded by Abtin Kronold, who has over a decade of experience in the data privacy industry. He is known for his ethical approach to privacy, which has seen him work with some of the biggest names in tech, including Facebook and Moonpig.
