Officially Certified: Our Management Team from L-R: Peter Hunt (Marketing Manager), David Jeffreys (CEO), Michelle Leo (Head of IT), Fiona Giltinan (Head of Culture and Development), John Savage (CTO) and James Gunning (Head of Software Services) showcase our ISO 27001 certifications for both software and IT departments.

The Highest Standard of Information Security

On 7th of August 2018, Limerick-based Tech Firm ActionPoint received confirmation that the company had achieved ISO 27001:2013 certification from Certification Europe, a world-leading certification body. ISO 27001 is an international information security standard awarded to companies who meet the highest standards of risk management in relating to information security.

Information security threats have become more prevalent for individuals and customer organisations alike. Protecting our customers and our own company against potential threats has always been a priority for ActionPoint. Implementing ISO 27001 and using it as a baseline to further increase our security will ensure that this information continues to be protected.

The internationally recognized standard allows customers to have confidence in the service provider that they are sharing their information with. It demonstrates that ActionPoint have the understanding and have taken the necessary precautions to prevent a breach, with a plan in place in the event of one happening. ISO 27001 emphasises that the information we hold has been safeguarded to the highest level and that ActionPoint are committed to continuously improving our ISMS (Information Security Management System). By implementing ISO 27001, ActionPoint are protecting our own data and the data of our customers.

From benchmark to baseline

Prior to obtaining ISO 27001, ActionPoint always prided on being proactive in the protection of company and customer data. Because of this and a large number of Information System (IS) processes already in place, ActionPoint obtained the ISO 27001 accreditation in a relatively short period of time. Following an initial assessment in August 2017, ActionPoint provisionally learned that the certification had been obtained on 24th May 2018 – the eve of the introduction of GDPR. This short timeframe emphasises the steps the company were already taking in securing the information of customers and employees.

By cultivating a culture of security amongst employees, ActionPoint had many of the required controls already in place to obtain the certification. ISO 27001 set ActionPoint a benchmark to work towards, which is now being used as a baseline to work from on the journey to becoming fully GDPR compliant. ISO 27001 shows that ActionPoint was able to “implement appropriate technical and organisational measures” to become compliant with the requirements of Article 28(1) of the GDPR.

The man with the plan: IT Audit & Strategic Projects Manager at ActionPoint Marius van Niekerk.

A secure, reliable environment 

David Jeffreys, ActionPoint Managing Director, spoke about the importance of information security and obtaining the certification. “Protecting customer data is of utmost importance to ActionPoint. The ISO27001 accreditation demonstrates our commitment not only to data protection, but to best practice when it comes to processes and procedures that are designed to protect the information assets of our customer. The accreditation also signifies our position as a leading provider of secure IT services at a time when protection of sensitive data is paramount.”

According to the certification body Certification Europe, ISO 27001 is defined as “the international standard which is recognised globally for managing risks to the security of information you hold.”

ISO 27001 provides a set of requirements for an Information Security Management System (ISMS). The certification was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.” The ISO 27001 certification demonstrates ActionPoint’s ability to identify, manage and reduce the information security risks to protect its information assets.