ISO 27001

ISO 27001: Trust or Confidence?

By 9th February 2017 No Comments

In my previous blog post, Protecting Your Data with ISO-27001, I wrote about what ISO 27001 Certification was, how it worked, and how this helped Lexonis to build a robust approach to information security as an online competency management software provider. In this post I want to take a different approach, and to write about how Lexonis' ISO 27001 Certification impacts our relations with our clients, both current and prospective.

Client relationships, of course, come in all shapes and sizes, but at their core there is always the expectation by each party that the other will deliver on their commitments, and these can be characterised under two related measures: confidence and trust. Confidence represents an impersonal judgement, informed by business, regulatory and social context, but also by brand, image and impartial testimony, made by each party that that the other will meet its obligations. Trust, meanwhile, represents the interpersonal rapport which is formed by representatives of the two parties and acts as a mutual guarantee that each is working in good faith towards their responsibilities. Generally speaking, confidence is more readily generated by larger organisations, and trust is more productively generated by smaller ones.

What implications then, does ISO 27001 Certification have on the relationships we have with the clients for whom we provide our competency management solutions?

At first glance one might expect its main role to act as a confidence-booster for our clients. At its core ISO 27001 Certification is an impartial verification that Lexonis has instituted an information security management system to an industry 'gold standard'. The heart of ISO 27001 is that it provides an objective benchmark to work towards, and requires that organisations prove to regulated external auditors that those benchmarks have been met. Simply by holding the certificate our clients have good, independent reasons to believe that Lexonis is taking their data security seriously. Indeed, building this confidence is part of the point of seeking certification.

It is not however the whole of the story. One major advantage of seeking, and acquiring, ISO 27001 Certification as a small organisation is that it can act as a jumping-off point for deeper discussions with clients about the security of their data. By grounding our approach to information security in a public standard, we create a framework for really discussing it with clients. Part of the point of working towards ISO 27001 Certification has been to create an arena for greater engagement with our clients, to create more opportunities to build trust between us.

Ultimately, the main reason for Lexonis to acquire ISO 27001 Certification is to improve our management of information security, but just as the management system we have put in place extends through all layers of the business, so too do the implications, the opportunities and the consequences of that certification extend through it.

We trust that it will improve your confidence in us as well as in our competency management solutions, and we are confident that it creates the space for us to earn more of your trust.