Does your agency keep your data safe? All you need to know about ISO 27001 and why it is important.

With data breaches becoming increasingly common, cyber-security and data protection are big topics in the media and a priority for CK Group. In September 2017 we proved to the International Organisation for Standardisation (ISO) that we were safe and secure, and in turn were awarded our own ISO 27001 certificate.

But what exactly does this mean? And why should it be so crucial for recruitment agencies to be ISO 27001 certified?


What is ISO 27001?

ISO 27001 is a framework of policies that helps companies keep information safe and secure. It is recognised worldwide, and it ensures that companies continually review and refine the way they manage and protect the data they hold. It also sets out specific requirements that a company must meet to keep its accreditation over time.

In short, an ISO 27001 certified company such as CK Group has the management framework in place to significantly reduce the risk of a data breach and, more importantly, has the right procedures to properly manage an incident if one were to occur.


Why ISO 27001 is particularly important in the recruitment sector

A few years back, ISO 27001 was considered to be solely an IT department standard. However, due to increasing pressure to prioritise protecting data, it is becoming popular in other fields.

Like other ISO management system standards, holding an ISO 27001 certificate is not obligatory. However, companies that are not compliant could be putting sensitive data at risk. It is particularly important in the recruitment sector, as companies like CK Group tend to hold a lot of information about their clients and candidates.

How does it help our clients?

– It keeps recruitment plans confidential

– It keeps salary and payment information confidential and safe

– It protects employee information and keeps it safe from prying eyes

Similarly, how does it help our candidates?

– It keeps their names, addresses and contact details safe

– It ensures their data is only shared with people that they have approved

– It keeps their salary details confidential and safe

– It keeps copies of identification and other documents safe

– It makes sure that their reference and qualification details are not passed on to any third parties without approval

If a recruitment or employment agency is not ISO 27001 certified, a data breach could have significant and damaging consequences for candidates and clients, as well as for the agency itself.


Choosing to work with an agency that is ISO 27001 certified, and not just ISO 27001 compliant

Many agencies might claim to be ISO 27001 compliant but will not have the accreditation. What does this mean?

To gain ISO 27001 certification, a company needs to go through a rigorous auditing procedure. Some companies may think they are compliant but haven’t necessarily been through the complete process. Without a third party validating their framework of policies and general practice, it is impossible to know whether the organisation is really compliant or not.

All in all, whether you are a client or a candidate, with so many high-profile data breaches occurring, choosing a recruitment or employment agency with no ISO 27001 accreditation could be putting you at risk and could end up having damaging consequences.


If you would like to find out more about the ISO 27001 principles we follow, visit our previous blog post about CK Group gaining ISO 27001 accreditation, or get in touch with us today; we would be delighted to speak with you.