ISO 27001 – We Are Now Certified!

We are exceptionally pleased to announce that, as of 14th October 2024, we are fully and officially ISO 27001 certified, a process we started a little over a year ago. We have always taken information security seriously, and have been certified to Cyber Essentials and other IASME standards since 2015. But it has always been an ambition to go for the internationally recognised gold standard.

Our Journey To Compliance

Cyber Essentials, delivered through IASME as our main certification, was our first step on the path almost 10 years ago, back in 2015. We were early adopters of the standard and one of the first 40 certification bodies in the UK; there are now over 900.

Along with Cyber Essentials, we pursued the other IASME certification, which is based on ISO 27001 for information security and ISO 9001 for quality principles. Now known as Cyber Assurance, it is a stripped-down version of ISO 27001, which is a demanding standard to achieve, and is designed to be a more realistic route for smaller businesses.

But, while these certifications are a commendable achievement that few organisations have attained, very few people have ever heard of them. It has been a long-held goal of Ciaran to go for the very best accreditation there is. He passed the exam to become an auditor for the standard back in 2015, which triggered the start of our journey to compliance, and in 2023 he decided that the time was right to go for it.

What Is ISO 27001?

The definition according to the Centre for Assessment (the body that audited us):

ISO 27001 is the international standard for information security. It sets out the specification for an effective ISMS (information security management system). ISO 27001’s best-practice approach helps organisations manage their information security by addressing people, processes and technology. The focus of the standard is to protect and safeguard the confidentiality, availability and integrity of information.

Source: ISO 27001: The New 2022 Version and Why It’s Essential to Every Business’ Cyber Security | Centre for Assessment

The ‘CIA triad’, together with the assessment of risk, is the basis of the whole system:

Confidentiality: To ensure information is kept secret or private, to prevent unauthorised access or sharing.

Integrity: To ensure information is accurate and reliable.

Availability: To ensure the right people can access information when they need it; information has no value if they cannot.

Why Have We Got It?

As we like to say, “Information is the lifeblood of business”, and protecting it is of vital importance. Not just for reasons of intellectual property or operational efficiency, but for security: personal or other sensitive information must be protected from loss, theft, or other unauthorised access. The CIA triad underpins not just how we manage the information we hold, but also what information we hold.

Guided by strong moral principles and regulations such as the GDPR, not to mention our decade of experience achieving these standards, we take great care to hold only the minimum amount of information necessary to deliver our service and meet our legal and contractual obligations. This reduces risk and improves the way we operate.

What Does It Mean For You?

Whether you are a client, supplier, staff member, or a future partner, you can be assured that your information is as safe as we can make it. And, as a client, we can help you achieve the same robustness in your own information management.

We have long said that security is not an optional extra to IT support. For us, it is a fundamental that we build into our service from the very bottom up. Our service tiers are based on the excellent Cyber Essentials scheme and the technical controls required to meet it. Our approach to designing and managing your own information management systems, such as your user accounts, SharePoint for data, and email, is based on the CIA principles and our own twist on them, three questions:

  1. Do you know what information you have?
  2. Do you know where it is stored?
  3. Do you know who has access to it?

For many organisations, this is not as simple as it seems. Multiple online systems, a mix of company-owned and BYOD devices, and convoluted hierarchies of access permissions can all get in the way of accurately answering all three of these questions.

Just as we, and IASME, believe that your IT support should at a minimum be certified to Cyber Essentials (see: Is Your IT Support Cyber Essentials Certified?), we also believe that your IT support should have the skills and experience to help you manage your information effectively, not just your computers, which after all are just devices used to access information.

Want To Know More?

If you want to know more about any of the above, or about how Macnamara can help you manage your IT and your information, get in touch and we will be delighted to help you on your journey to better information management and information security.

For some insight into how the whole team here found the process, have a look at the accompanying post: ISO 27001 From The People Who Implemented It.

For some further reading, the ICO has a good introductory guide to data security. Can you tick all these boxes? See: A guide to data security | ICO.
