Cyber Essentials - good compliance makes for great business
One significant development in this brave new cyber-secure world is the level of governance and compliance that those of us who handle client data must adhere to.
We’ve long made the case that the introduction of GDPR in 2018 had a directly positive effect on the business processes of compliant organisations. As an agency we provided GDPR compliance consultation before and during its implementation and enforcement, consistently emphasising that organisations with a better understanding of their opted-in data management and security practices would develop more effective and profitable CRM systems as a result.
The significant challenge for agencies like us has, however, always been ISO certification - something that’s increasingly becoming a requirement of a pitching agency. ISO 27001, the international standard for information security management, sets out how organisations should protect their information through policies, procedures, and systems. However, there hasn't been an ISO standard that adequately addresses our business model while remaining cost-effective and practical. While ISO 27001 comes close, it remains prohibitively expensive for all but the largest agencies and requires costly augmentation with its privacy-focused extension, ISO 27701, for comprehensive coverage.
The UK Government has set up - and over the years continually refined - Cyber Essentials and Cyber Essentials Plus to the point where we think they’re real game changers. They cover many of the same aspects as ISO 27001, but in a much more realistically achievable package for SMEs. Furthermore, like GDPR compliance, they immediately enhance an organisation's digital security posture.
3B has recently achieved Cyber Essentials Plus certification, simply by allowing our existing processes, software and hardware to be properly audited by an accredited certification agency. We’re now actively encouraging our clients - regardless of size - to pursue this certification as we believe it will become an increasingly ubiquitous industry standard.
We all need to properly embrace these new security requirements sooner or later, and accept that ultimately they make us all better and more effective at what we do.