Manchester and US insurance software specialist secures major ISO certification
Aquarium Software has secured the coveted ISO 27001 certification, the globally recognised standard for Information Security Management Systems (ISMS), essential to managing third party data.
Senior executives at Aquarium identified the strategic need for accreditation over 12 months ago, as the firm expanded its reach into the growing global pet insurance sector, where demand for certification of international compliance was a key business requirement.
“The entire process from initial project commencement to final external certification got us all thinking about our information security processes,” said Operations Director, Andrew Sherwin. “Although a massive commitment, I would recommend it for all professional companies where managing data is key to their success and clients’ peace of mind.”
As a premier technology innovator, Aquarium already employs class leading security protocols and while any progressive company worth its salt must have several information security controls in place, ISO 27001 is one the KPIs in taking data security to the next level, ensuring that the ISMS is robust, organised and fit for purpose.
ISO is no mere box ticking exercise. Aquarium had to set up an internal working party of key business personnel to project manage the venture and deliver formalised policies and procedures to both meet and exceed the rigours of the international standard. Such a commitment of time and resources was a concern for Ed Shropshire, Managing Director, but now complete, the process is already bearing fruit.
“When Andrew first suggested to me we should work towards ISO certification, I was concerned about the time commitment,” said Ed. “Thankfully these concerns proved short lived as we got into the process and formalised our policies and procedures. I can now say we are working far more efficiently as a result of our certification.”
An ISMS is at the heart of any systematic approach to managing confidential or sensitive information and a core part of ISO 27001, and there is much more to Information Security Management as defined by the standard than just anti-virus software and firewalls. Aquarium already worked to ISO, PCI and ISAE standards, but as the ISO standard demands a strategic approach to security as much as the ‘nuts and bolts’ of the operational side, the company wanted to demonstrate their ability to secure official ISO status.
ISO demands management examine all security risks in a systematic way, taking account of potential threats and that systems built to counter such threats are integrated and work in harmony to ensure overall effectiveness. As Aquarium has expanded worldwide with its systems being implemented by a number of global leaders in the insurance sector, the commitment to data security has been essential. While this has been the primary driver for ISO, the initiative has attracted significant endorsement closer to home.
The achievement of this certification is seen by Aquarium as the beginning and not the end of a process designed to see the company build on its growing reputation in the emerging pet insurance sector and part of an ongoing business process set to underpin the firm’s global growth strategy in 2015 and beyond.
Andrew concluded, “We are certainly not a company which lets the grass grow under its feet, we are now embarking upon the ISO9001 Quality Management Standard.”