We’re delighted to announce that Tax Systems has achieved ISO27 001 certification for its information security management system (ISMS), demonstrating our commitment to information security and data protection.
The International Organisation for Standardization (ISO) is a global standards body and ISO 27001 is one of the most internationally recognised security standards in the world. ISO 27001 sets out a systematic approach to managing information, ensuring data security, and provides a framework for the ISMS featuring a comprehensive set of policies and processes that ensure data is protected.
Getting ISO 27001 certification can take years. It requires a mature ISMS, buy-in from across the business and processes to be in place that pass the scrutiny of an external certification body, so we knew it would be a tough process – particularly during a pandemic.
When I joined the business in mid-2020, achieving ISO certification was my top priority and so I immediately set us on the path for our first ever ISO security audit. We started the certification process in late 2020, achieving the recommendation for ISO 27001 certification in June 2021. We then had to wait for BSi (our certification body) to ratify the certification recommendation and to issue Tax Systems with a certificate, which I am very pleased to say we now have.
Accreditation was always going to be key to our future plans, as Russell Gammon, our CINO, explains: "As a tax technology provider, our solutions handle extremely sensitive data and so security has always been a top priority. But as we enter the cloud, with Alphatax and AlphaVAT offered as a service (SaaS), we wanted to prove to our customers that this will continue to be the case. ISO certification recognises the high security standards we have in place and proves these to our customers”.
ISO 27001 comprises 10 control categories including: information security policy, security organisation, asset classification controls, personnel security, physical security, communication management, access controls, system deployment, continuity planning and compliance.
Going forward, Tax Systems will participate in regular audits to ensure our ISMS continues to meet the demands of the standard. If you’d like to know more about our approach to data security, please see our security guides for tax teams and data security teams.