Griffiths & Armour awarded prestigious ISO/IEC 27001:2013 Certification for Information Security Management
What is the ISO 27001 certification?
ISO 27001 identifies best practices as to how organisations should manage information in a secure manner, including implementing appropriate security controls to mitigate risks.
The basis of this certification is the development and implementation of a rigorous security program. It must include the development and implementation of an Information Security Management System (ISMS) that defines how Griffiths & Armour manage security in a holistic, comprehensive manner, including how it implements security controls to mitigate risks. This is the Gold International Standard for Information Security and demonstrates that IT systems and internal controls are maintained to the highest levels.
ISO 27001 is an international standard that specifies best practices in security management and requires comprehensive security controls following the ISO 27001 best practice guidance. This widely-recognised international security standard specifies that entities:
- Systematically evaluate information security risks, taking into account the impact of threats and vulnerabilities.
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address organisational and architecture security risks.
- Adopt an overarching management process to ensure that the information security controls meet the information security needs on an ongoing basis.
- Develop and maintain an organisational culture that embraces cyber and information security as part of daily operations.
How does this certification impact Griffiths & Armour?
We welcome the ISO 27001 standard and best practices into our organisation.
Griffiths & Armour’s implementation of and alignment with ISO 27001 demonstrates a commitment to information security at every level of the organisation. The assessment by an independent third-party auditor to validate alignment with the ISO 27001 standard has been a valuable process. Compliance with the internationally-recognised standard and code of practice is evidence that our security systems are comprehensive and in accordance with industry-leading best practices.
The certification confirms Griffiths & Armour’s commitment to the security, confidentiality, and continued availability of client services. The key to these standards is the development, implementation, and continuous improvement of the firm’s rigorous security management program, which forms the foundation of Griffiths & Armour’s security approach.
Which Griffiths & Armour entities are covered by the accreditation?
- Griffiths & Armour
- Griffiths & Armour Professional Risks
- Griffiths & Armour Insurance Brokers
- Griffiths & Armour Global Risks Limited
- Griffiths & Armour Risk Management Limited
- Griffiths & Armour (Holdings) Limited
- Griffiths & Armour Europe DAC
What does this mean to you as a client?
ISO 27001 certification demonstrates Griffiths & Armour’s commitment to information security at every level. Compliance with this internationally-recognised standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices.
This certification provides more clarity and assurance for clients when evaluating the breadth and strength of security practices.
Who is the certifying body?
The British Standards Institute (BSI), an ISO certifying agent accredited by UKAS Management Systems.
Can you provide a copy of the ISO 27001 standard?
The ISO 27001 standard keeps information assets secure and provides additional security for organisations to manage their assets, for example financial information, intellectual property, employee details or information entrusted by third parties. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.
How did Griffiths & Armour achieve the ISO 27001 accreditation?
As part of the process, Griffiths & Armour had to demonstrate a continuous and systematic approach to managing and protecting both company and client data. Working in partnership with SureCloud, the world’s first Governance, Risk, and Compliance (GRC) Capability company, to attain accreditation, Griffiths & Armour were audited by the British Standards Institute (BSI), which observed cyber security, Information Security Management Systems (ISMS), and privacy protection processes across the entire firm.
David Atkinson, Head of Technology at Griffiths & Armour said:
“As a firm we already hold UK information security standards Cyber Essentials and Cyber Essentials Plus certifications, but as cyber threats and risks to businesses continue to evolve, this ISO 27001 accreditation further reinforces Griffiths & Armour’s ongoing commitment to protecting our firm and clients from developing risks in the fast-moving cyber landscape. We worked closely and collaboratively with SureCloud to achieve certification, and our thanks go to them for all their help and assistance”.
Ben Jepson, VP at SureCloud added:
“We were delighted to assist Griffiths & Armour on its ISO 27001 journey, helping them to achieve certification and a plan to maintain it moving forward. Our Capabilities bring together the right combination of Gartner-recognised Governance, Risk and Compliance (GRC) software and world-class cyber and risk expertise, whether working towards an ISO certification or managing third-party risk. We pride ourselves on providing the necessary support, through technology and consultancy”.
Cyber Essentials Plus
What is Cyber Essentials Plus?
Cyber Essentials Plus is a UK Government-backed, industry-supported certification scheme introduced in the UK in 2014 to enable organisations to demonstrate operational security against the growing threat of cyber-attacks.
The widely recognised scheme was developed and continues to be operated by the National Cyber Security Centre (NCSC), and it remains an efficient way to ensure that a secure environment and robust cyber security measures are in place.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment option that provides protection against a wide variety of the most common cyber attacks. Certification provides peace of mind that your security systems will protect your business from cyber attacks, as cyber criminals look for targets that do not have the Cyber Essentials technical controls in place. Cyber Essentials enables secure IT systems and prevents common cyber attacks.
Cyber Essentials Plus still carries the Cyber Essentials framework, and the protections organisations need to have in place remain the same. However, for Cyber Essentials Plus a hands-on, independent technical audit is carried out.
Why should organisations obtain the Cyber Essentials Plus certification?
Data shows that holding a Cyber Essentials Plus certification helps protect a business against 80% of common cyber attacks and ensures secure controls are in place to protect against data theft.
Cyber hackers are becoming more intelligent and have adapted to many counter-hacking measures. The DCMS Cyber Security Breaches Survey 2021 reports that the nature of cyber attacks has changed over the years. Since 2017 the number of businesses experiencing phishing attacks has jumped from 72% to 83%, although there has been a drop in businesses experiencing viruses or other malware attacks, from 33% to 9%.
What Cyber Essentials Plus means for our clients
Cyber Essentials certification acts as an outward expression to any existing and potential clients that Griffiths & Armour takes clear and significant steps to ensure the protection of their valuable data.
Chartered Insurance Broker
What is the Chartered Insurance Institute?
The Chartered Insurance Institute (CII) is a professional body dedicated to building trust in the insurance and financial planning profession through relevant learning, insightful leadership and engaged membership.
The CII has more than 125,000 members across the world who commit to high professional standards by maintaining continued professional development and adhering to the CII’s Code of Ethics.
The Institute also provides professional qualifications, such as the CII Diploma in Insurance, an internationally-recognised technical and supervisory qualification that develops essential knowledge and capability for individuals in the insurance market.
What are the benefits of choosing to work with a Chartered Insurance Broker?
To maintain their chartered status Chartered Insurance Brokers must continue to meet strict obligations which are regularly reviewed. Griffiths & Armour are required to ensure the advice, service and ongoing support we provide is:
- Of the highest quality
- Based solely on the client’s researched needs
- Provided by someone operating within their level of competency
Chartered status brings with it serious obligations, which Griffiths & Armour meet in a number of ways:
- A commitment to the technical and professional development of staff, such as through professional qualifications
- All staff who deal with customers are members of the industry’s professional body, the CII, and adhere to a Code of Ethics, which is enforced through disciplinary sanctions
- Adhering to the CII’s continuing professional development requirements, ensuring our staff keep their knowledge and skill set up to date