Getting IT right for Information Security

Getting IT right for Information Security

Energy Assets has successfully completed its ISO27001 information security audit, confirming the integrity of company’s processes and procedures for managing commercial and personal data.

Head of IT James Walker guided Energy Assets through the recent 2-day assessment, with auditors particularly impressed with business continuity planning and implementation in response to the COVID-19 pandemic and its impact on operations.

ISO27001 is the international standard that governs best practice in information security management systems, which involves identifying security risks and putting in place appropriate control methods. Energy Assets has been ISO27001 accredited for six years and undertakes audits every six months.

“The standard focuses on devising and implementing best practice in information security, covering both physical assets and electronic data – and how we manage and control any associated risk,” says James.

“It an increasingly important standard for businesses to hold, not just in protecting the organisation from cyber security threats and safeguarding data, but in meeting strict criteria set down by government and other customers as a pre-qualification threshold for contracts.”

Energy Assets has implemented a rigorous training programme to ensure best practice is embedded in the company’s culture, which includes a mandatory annual elearning module with a pass/fail element for all relevant staff.

“This approach ensures that everyone in the organisation understands their responsibility for information security, which is further underlined by the clear commitment from the leadership team to protecting employee and customer data as part of its governance oversight. When people understand why protecting data is important and how it relates to their daily working lives, then they embrace it.”

In the latest assessment, James and his team navigated the audit with no non-conformities, but he recognises that information security constantly evolves. This is why Energy Assets works closely with third party auditors to test procedures outside the formal ISO27001 assessment schedule and also runs external site penetration tests.

Comments James: “All these steps inform our approach to information security, add value through knowledge transfer and contribute to our business ethos of continuous improvement.”

#EverythingConnects


News

Top Marks for Energy Assets Utilities

Energy Assets Utilities (EAU), one of Britain’s leading utility network construction companies, has received a 100% pass mark in its latest assessment by audit specialists Achilles under the UVDB Verify programme.

READ MORE
News

Metering, Monitoring and Data – the measure of sustainability

One of the recurring themes in plans for recovery from the coronavirus pandemic has been a determination in government circles to invest in a greener, more sustainable future.

We are all only too aware of the tragic human cost and economic turmoil wreaked by the crisis, but one unexpected consequence of the new way of working has been lower carbon emissions. The government, in the words of the Prime Minister, is looking to ‘entrench those gains’ through the recovery phase on the road to net-zero emissions.

READ MORE
National Gas Emergency ServiceElectricity fault?