Written by Emily McDaid, Communications consultant for VSL
Vertical Structure has worked with security company Skurio since its founding in 2011 (when the company was called RepKnight). Initally, VSL was delivering system admin and DevOps support to Skurio. VSL’s role has now extended to providing the company with assistance in gaining ISO27001:2013 Certification.
I recently did a remote interview with Kris Newton, Information Security Officer for Skurio, to discuss how this process helped their business.
Why was ISO/IEC27001:2013 certification important to your organisation?
Kris: “The certification provides our clients with assurance that we are a security-focused company. It assists us in preserving the confidentiality, integrity and availability of the information we process, as well as ensuring information security is at the forefront of our day-to-day business activities.”
What was different about VSL – what attracted them to you?
Kris: “Simon and Marc have a reputation built on their extensive knowledge of the cybersecurity industry. Their ability to provide a one-stop shop for sysadmin, DevOps, penetration and network security testing, security training and ISO27001 consultancy, made them the perfect choice for Skurio.”
Given that 27001 is meant to have a long-term impact, how did it change the way you work?
Kris: “Achieving and continuing to be certified to ISO27001 has allowed us to embed information security into the way we work. Not only in planning and developing software but in relation to our business processes, for example, business continuity, risk assessment and compliance with our data protection responsibilities, etc.”
Any final thoughts?
Kris: “Simon, Marc and the VSL team have always been available to help. Nothing is too much trouble, and with their wealth of knowledge they have supported us to not only achieve ISO27001, but continue to retain certification.”
I then asked Simon Whittaker: What is ISO27001, in your words?
Simon Whittaker, CEO of VSL said: “ISO27001:2013 is a more stringent cyber security standard to try to reach – it requires several levels of audits over an extended time period. The first is Stage 1 – to determine whether you have all required documentation in place, then you get recommended into Stage 2 – where you are required to show evidence that you’re using and improving the processes that have been documented. Auditors like to see three to six months of evidence that shows that your Information Security Management system is in place and companies are required to have all their documentation at the ready. If the auditor is satisfied, they’re certified for three years – during this time, each year they have a surveillance visit.”
How does VSL look at the ISO27001 process?
Simon said: “The role of our team, led by our Lead Information Security Consultant Keith Anderson, is to do ourselves out of a job. We want our clients to be in a position to run this internally – we don’t want to come in and do a clean-up every six months, we want to be useful along the way. Our ethos is that the process should be owned by the company, not by us.”
***
ABOUT ISO27001
ISO/IEC 27001:2013 (also known as ISO27001) is the international standard that sets out the specification for an information security management system (ISMS). Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.
ABOUT SKURIO
Skurio creates innovative cyber security software to help customers protect themselves from digital risks. The Skurio Digital Risk Protection platform combines automated, round the clock monitoring of the surface, deep and Dark Web with powerful analytics capabilities for cyber threat intelligence.
Founded in 2011, Skurio looks for cyber threats specific to an organisation, giving a single view of all data protection incidents and threats outside the network. Additional features help protect data across the supply chain with synthetic identities, and open APIs integrate valuable alerts into SOC and ITSM workflow systems to automate breach response.
Skurio’s highly skilled team of security analysts work at the leading edge of business threat intelligence and digital risk protection, providing customers with the support they need to extend their in-house expertise.
Find out more at: https://www.skurio.com
