Your information is protected according to leading international standards
Winningtemp is now ISO 27001 and ISO 27701 certified 🎉. We've always ensured that your data is safe, and now we have the certification to prove it! This means we comply with rigorous best practice standards to protect your information and keep your data private, developed by the best and brightest information security experts.
As your tech environment grows more complex and your organisation more interconnected — the direction of travel for almost every business — your data gets spread over more systems. That’s great for heaps of reasons (like being able to use Winningtemp to transform your employee experience and drive engagement, productivity, and retention 😉…) but it also means you need to engage with partners who meet international standards like ISO 27001 and ISO 27701 that will keep you and your customers safe.
Let’s dig into the details.
The International Organization for Standardization (ISO) is an independent, non-governmental organisation that sets international standards across almost every element of technology and manufacturing. Nearly 25000 international standards, plus 100 more each month, actually.
ISO say, “an International Standard is a document containing practical information and best practice. It often describes an agreed way of doing something or a solution to a global problem.”
ISO standards exist to:
For example, there’s a reason you can buy standard A4 size paper for your printer and trust it’ll work without faff: ISO 216. Or why your credit card always fits into the card machine effortlessly: ISO 7810.
With member bodies representing 167 countries and over 800 technical committees and sub-committees developing standards, ISO has truly global reach. The ISO certifications are expert-led and developed from a non-profit, neutral perspective with no vested interests apart from common good.
Which brings us onto our specific ISO certifications: ISO 27001 and its extension, ISO 27701.
If you’ve worked in the tech space this is probably familiar to you. It’s the ISO certification focussed on information security, and essentially provides a framework to help organizations protect their information properly. And in this case, not just ours but yours.
The bad news:
46% of businesses report experiencing cyber-attacks in the last 12 months. Of those, 19% have lost money or data and 39% were negatively impacted, for example, with wider business disruption.
The good news:
Although the number of reported cyber-attacks has remained similar since 2017, the proportion of businesses experiencing impact has fallen by a fifth. ISO 27001 is a major part of this success story.
Gov.UK
To comply with ISO 27001, organisations create an Information Security Management System (ISMS) – system in the sense of ‘systematically’. It’s a “set of rules” around how we manage risk and protect information security.
ISO 27001 aims to protect information in three ways:
Those three things matter because they mean:
Gaining an ISO certification is a rigorous process, guided by an external accredited certification body – ours was LRQA. To achieve ISO 27001 certification, we worked with TransPrivacy to build a comprehensive risk management system to protect our and your information.
That essentially involved scrutinising everything that could go wrong, implementing appropriate safeguards to protect against those scenarios, and continually measuring the performance of those safeguards to ensure they’re always improving.
Next up, ISO 27701…
ISO 27701 is a data privacy extension to ISO 27001. It was specifically developed with compliance with GDPR and other data privacy requirements in mind. Experts from, among others, the CNIL (the French data protection authority) actively contributed to this standard, with support from the European Data Protection Board.
Where ISO 27001 required us to create an ISMS, ISO 27701 requires a Privacy Information Management System – PIMS. ISO 27701 provides a framework for organisations to protect Personally Identifiable Information (PII) and represents state of the art privacy protection.
Personal data or PII is any information related to an identified or identifiable person – which could be as simple as name, driving license, or medical records but could also include stuff like IP address. It’s a broad term because it doesn’t only refer to direct identification – like someone’s name. It also means information can be classed as PII/personal data if in combination the information could identify an individual.
Protecting your people’s personal information is important because loss can cause substantial harm, like identity theft or fraud. It’s also a major breach of trust, which can have long-standing implications for employee engagement – the exact opposite of what we want to achieve!
Like ISO 27001, we worked with TransPrivacy to build a comprehensive system for keeping your personal information private.
The process was very similar. We evaluated the risks to personal information, outlined appropriate controls and safeguards to manage that risk, and now we measure the performance of those safeguards to ensure they’re always up to scratch.
Compliance with both ISO 27001 and ISO 27701 is an ongoing process, so it’s not something we set and forget. Rather, we’re continually involved and invested in keeping your information secure and data private.
When we work together, we handle lots of your data – that’s how we can have such a transformative impact on the employee experience. You need to trust we’re protecting that data properly, so your people can trust you’re protecting theirs. Our ISO 27001 and ISO 27701 certifications mean you know we have world-leading privacy protection.
Winningtemp empowers you to intelligently check the temperature of engagement across your business, to transform your employees’ experiences. Watch the two-minute demo video here.
TransPrivacy helps companies and organisations to go beyond compliance: they help put customer privacy at the forefront of their operations while ensuring business growth. TransPrivacy was founded by Abtin Kronold, who has over a decade of experience in the data privacy industry. He is known for his ethical approach to privacy, which has seen him work with some of the biggest names in tech, including Facebook and Moonpig.
If you are interested in finding out more about what Winningtemp can offer your organisation, get in contact with our sales team.