The Internet growing as an essential part of our lives, make topics such as security breaches and protection of primal importance.
From the second half of the last century, with the Governments are moving their eyes to the value of information and have started to create legislation in aim to prevent data breach.
Data breach can bring consequences as simple as penalties from overlooking the basic safety measures, to a long term loss of trust from the victims involved in the loss of information.
That’s the reason why every company must implement an Information Security Management System. To protect the personal and sensitive information from its customers, employees and providers, among others.
The advantages of an ISMS?
Implementing an Information Security Management System at the heart of the company has key benefits such as:
Securing all forms of information
Channels like cloud services and hard copies, internal communication and even paper archives are comprised within the information security system.
Better response to cyber attacks
Cybercrime is permanently evolving, and there is no company beyond reach for criminals. However, maintaining the security management up to date with the newest information about cyber-attack trends and adapting methods inside the enterprise in accordance, while it won’t guaranty invulnerability, it will help to reduce the damage to a minimum. Helping at the same time to recover from it quicker.
Stablished safety measures framework
The Information Security Management encompasses every aspect of the company, not just IT. By settling policies, procedures and technical controls, employees are trained to understand the importance of data protection and to identify risks.
What does Information Security Management mean for SMS marketing?
Companies offering SMS Marketing services have access to large databases, whether from their own clients or from their user’s client list. Contact address and telephone numbers are, according to the General Data Protection Regulation (GDPR), personal data.
This is why, it becomes important to implement an ISMS for SMS marketing services providers. Since they have the responsibility to look over these databases to prevent the occurrence of cyberattacks, for instance.
On top of it, in the case of marketers using SMS in their campaigns, they must develop security management systems for the information delivered through their SMS.
Although SMS is a safe channel for marketing, when it comes to transmit personal or sensitive data by this mean, it is imperative to implement further security measures.
The importance of an ISO/IEC 27001 certification
ISO/IEC 27001:2013 (also known as ISO27001) is the international standard for information security. It sets out the specification for an information security management system (ISMS).
Therefore, ISO27001 is a compilation of rules and best practices for any company to implement an Information Security Management System.
Different than creating an ISMS on their own, companies rely on international bodies such as the ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) to create standardized politics and systems that are long proved to be efficient and cost-effective.
Even though those policies are open to the public, the certificating bodies exist to assure the correct adherence to these standards.
ISO/IEC 27001:2013 comprises +114 controls, some of the most relevant are:
- information security policies,
- access control,
- communications security,
- supplier relationships and compliance.
Companies are not enforced to adapt all of them, just to determine which ones are the most relevant for them and stablish them in their management.
Octopush’s ISO/IEC 27001 certification
At Octopush, our willingness to meet internationally accepted data and information security standards, has taken us to look for ISO 27001 compliance.
To obtain such certification, Octopush is developing a ISMS project where we tackled important security stakes such as:
- Information security objectives, resources and possible risk of implantation
- Documentation like policies, procedures, work instructions and records
- Identification of baseline criteria, by identifying the practices we had already in place, assess their effectiveness, and ensure its recalescence
- Monitoring, measuring and evaluation methods
What is out there in terms of information security to Octopush’s clients?
Our organization truly cares about the privacy of the personal data we collect and process, we implement these security controls for personal data, in order to avoid breaches that negatively impact the data subjects. Namely you, as a client and, by extent, your own clients.
To protect the privacy of our customers, Octopush places special care in leveraging the entities and individuals with the permission to get information from them. Our users can as well control the type of information they allow to share with us.
As an Octopush client, you have the right to know the whereabouts of your personal data and to control it. For more information about this topic, visit our Privacy Page.