Pictured (L to R) Louise Shenton, Quality Manager and David H Hughes, Product Manager for Crown Workforce Management.
Infosec – information security – is a key consideration for Crown Workforce Management which has just been awarded with ISO / IEC 27001:2013 for its strenuous efforts in maintaining and improving standards.
Information security measures not only feature within its core products – systems for HR, rostering, business analytics and time and attendance – but also apply to the stringent processes used within the company such as client record-keeping.
Now, Crown has demonstrated its thorough approach through assessment for the International Standardisation Organisation (ISO) certification.
ISO / IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It also incorporates assessment and treatment of information security risks tailored to the needs of the company applying for standard.
In order to qualify for the standard, Crown undertook a gap analysis of its existing information security system, compared it with the requirements of the ISO/IEC 27001 standard and undertook assessment with its external business assurance partner, Lloyds Register.
As infosec is a crucial strand of the business, Crown constantly reviews its processes and marries them to customer requirements – extending them into product specification. The ISO/IEC 27001 certificate is valid for three years.
Louise Shenton, Crown’s Quality Assurance Manager, said that ISO / IEC 27001:2013 ideally complimented the transition to ISO 9001:2015 certification which the company was awarded last year.
“The nature of our business means that information security is taken very seriously. It effects what we do inside the company and mirrors the specification requirements that we offer to our customers. We encourage the application of best practice to both our staff and clients,” she said.