ISO27001 – what’s it all about?

In the MOMO team we proudly publicise that we are accredited with ISO27001. But what does that really mean?

ISO is an international organisaton that sets quality standards for all operational aspects of organisations; 27001 is their information security standard.

Unusually for what was then barely even a micro company, we took the decision in 2014 to aim for compliance with the international standard on information security so that we could assure ourselves as well as users and customers that we were doing everything possible to protect young people’s sensitive data.

Possibly, had we known what it entailed, we might not have embarked on this journey. In the early days we struggled to find enough capacity to fulfil the same set of requirements as those set for large corporate companies.

But last Thursday, at the end of an exhaustive and extremely taxing assessment process, we were informed that our governance had earned us a further three years of certification (subject to annual audit of course!).

From those very early days we have worked each year to be ever more self critical, to learn from our faults and take corrective action while simultaneously striving to be a learning organisation and an improving organisation.

MOMO case study

Earlier this year we were pleased to be approached by the Centre for Acceleration of Technology (CAST), an organisation devoted to supporting small charities and start ups to use tech for good. We told CAST our story of developing a thriving information security management system (ISMS) that sits at the heart of everything we do at MOMO.

You can read their case study here.