After successfully continuing to be approved to ISO 27001:2013 and 9001:2015, Crown Workforce Management’s quality manager Louise Shenton – who has 30 years of quality assurance experience – outlined the work that goes on behind-the-scenes to help the business achieve flawless results in managing and securely supporting their clients processing their data.
How we operate our information security across the business, aligned to ISO 27001:2013 and the quality of the processes we follow, aligned to ISO 9001:2015 underpins the workforce management services that we provide to more than 200 public and private sector clients across the UK.
The types of information we come into contact with is varied as it very much depends on the client, but the relationships we have are all built upon trust that the information they provide in order for us to help them manage workforces efficiently is used securely and efficiently to achieve their objectives.
That is why these two ISO certifications for information security and quality are so important – as they provide reassurances to clients that they are using a trusted and reputable provider.
Crown’s recent audit success was especially pleasing, as it was again achieved with “no open findings”, which means that our external auditors LRQA – who are UKAS (United Kingdom Accreditation Service) approved ISO auditors – found no areas that needed addressing.
Crown Workforce Management has led the way on ISO standards for nearly three decades, and has been a key driver for the company’s growth, but the secret to this success has been our staff’s commitment to maintaining high standards when it comes to handling sensitive data.
The engagement with ISO is company-wide, regardless of the department, and to reflect this there is an auditor that sits within each of our departments, to ensure that the same principles relating to information security and quality management are applied on a daily basis.
There is also another layer above this in the form of Crown’s own Information Security Board, which comprises of key senior leadership team members from different areas of the business to continually monitor the business’s security performance.
As we look to the future, we have already adapted to the shift in client demand for cloud-based services, and our software has adapted accordingly to maintain stringent levels of security which our latest audit results have taken into account.
There is a common misconception that a migration across to “the cloud” presents a greater risk to data security because it may be subject to hacking, however, it is safer and more reliable than the traditional route of storing data in a physical building where it is more likely to be stolen, damaged, or lost. As a business we have regular CREST-approved penetration testing performed on our infrastructure, to mitigate against sophisticated hacking and potential security vulnerabilities. Our operations are also Cyber Essentials approved, recognising that our systems are able to withstand common cyber-attacks.