A huge part of running a successful business is the amount of trust you are able to have in the person or company you are doing business with.
How can you be confident in their ability to deliver the service or product you need to the standards you expect?
As a business grows and gets bigger, its customers and indeed its staff expect more from it. They want it to deliver great services and to be honest in its dealings.
It is now a decade since iomart achieved its first industry accreditation so, as the person responsible for compliance, I’d like to reflect on those 10 years and how hard we’ve worked to gain the trust and loyalty of our customers. The journey has been an interesting one.
In 2008 we became the first hosting company in the UK and Europe to attain the new ISO 9001 accreditation. Why did we bother to gain this? I think that as the marketing of services in the cloud gained ground, people buying these services needed reassurance. The concept of handing over their data to a third party was relatively new and it troubled people. They needed to be assured that things were being done properly and that their data was secure. The new cloud companies needed to be able to sell their services with confidence. Their customers needed to know they were using a reputable supplier.
ISO 9001:2008 was introduced to provide an internationally recognised Quality Management System by which companies could be judged. The standard outlined the requirements necessary to ensure that a company with this ISO standard was meeting customer expectations around the quality of the product or service that was being delivered. It wasn’t just for hosting companies like iomart but it was a good way to set out our stall in terms of how we wanted to operate. Happily, iomart achieved the standard and from thereon in, we have made meeting such best practice standards the benchmark for the running of our business.
The Information Security Management Standard ISO 27001 has become the de facto standard for the cloud computing industry. It is a framework of policies and procedures that includes all legal, physical and technical controls in an organisation’s information risk management processes. It helps a cloud provider like iomart demonstrate that we have the controls in place to safeguard customer information and that we can deploy IT systems in a safe and secure way.
Over the years, we have introduced a series of other international standards to help our business. iomart’s support operations have been awarded ISO 20000 for Information Technology Service Management and, for Business Continuity, we have also integrated ISO 22301 into our management systems, to reassure customers that we have the capability in-house to continue to operate 24/7/365 as a business following an unforeseen event. Given that we manage our own data centres in the UK and operate from offices globally, we have also recognised our social and environmental responsibilities, by getting accredited for ISO 14001 to help us oversee waste, and ISO 50001 to manage energy consumption and reduce our carbon footprint.
Surely anyone can say they have these standards, I hear you ask. Well, no they can’t. All ISO standards have to be independently verified by an accredited organisation. For instance, inspectors from Alcumus ISOQAR, a UKAS accredited certifying organisation, visit iomart regularly to check that we are meeting the obligations of each of the many standards that we now operate to. They sit with our staff so they gain concrete evidence that all of them are aware of the standards and that they are meeting requirements. It’s not just a tick box. Unlike, say, a degree, you don’t gain an accreditation for life. ISO standards are fully re-assessed every three years so, if you’re not operating up to scratch, they won’t be renewed.
While having a certificate demonstrates that we are committed to having the right controls in place as a technology business, it is also important for our customers. It provides assurance and allows them to reassure their auditors and any regulators they deal with.
Over the last decade, iomart has taken a proactive approach and strived to incorporate the highest standards by embracing, implementing and meeting industry requirements; introducing appropriate ISO standards; operating to the new codes of practice; and using ISO guidance documents to reference best practice.
The world is becoming more regulated. Our customer on-boarding process requires iomart to understand the customer’s expectations, in order that they can then meet their own industry and governance obligations. Data and cyber security is an immediate concern for all, so ensuring a service has been designed appropriately, with robust countermeasures in place, is paramount. Given this, iomart typically references ISO guidance and best practice standards for cloud computing architecture, ISO/IEC 17789, and ISO/IEC 27018 for protecting Personally Identifiable Information, as well as BS 10012:2017 – the new standard for implementing a Personal Information Management System (PIMS) – which provides a framework for maintaining and improving compliance with data protection legislation and good practice.
Which leads me to the new statutory requirement that’s arrived in 2018.
The EU General Data Protection Regulation (GDPR)
The GDPR has emerged out of societal concerns about the privacy of our individual data. I’m proud to say that for iomart, meeting data protection standards is integral to the way we operate. While GDPR compliance can’t be officially certified, we have taken all necessary steps to ensure that our systems and processes comply with the new regulation.
I believe iomart is in a unique position in the cloud computing industry in that we can help a business get off the ground, by providing a domain name and web hosting, and then continue to support it as it grows via the delivery of a wide range of cloud services, managed data protection and complex hosting infrastructure.
Our aim is always to help our customers meet their obligations to their own customers and users. In trying to do the best for them, however, we have to start at home first and that is why the accreditations we have attained are so important to us.
By Steve Flockhart, Compliance Manager, iomart.