ISO 27001 certification: What does it mean?


2024/25 Payroll Legislation Guide

The facts, figures, thresholds and allowances for 2024/25, in one handy guide.

In June 2021, Cintra achieved the ISO 27001 certification. This certification demonstrates our commitment to information security and data protection.

What is ISO 27001 and what does the certification require?

In order to achieve ISO 27001, an organisation must meet an International standard for Information Security. The standard specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). The external audit certification cycle follows a three-year period with initial certification, followed by annual surveillance visits, and then recertification every third year. In between surveillance and recertification visits, organisations are required to continually monitor and perform their own internal audit program to ensure ISMS audit principles and controls are maintained with any deviances assessed for risk and mitigated wherever possible.

The primary focus of the ISO 27001 standard is establishing and maintaining information confidentiality, integrity, and availability, with security principles in mind. A holistic approach is taken to ensure that all areas of a business are aware of their responsibilities for information security from the top down.

Information security is critical to our operations as a Payroll and HR provider, and we were driven to obtain the specification for numerous reasons:

  • Obtaining this certification aligns with our business practices, reassuring clients that we take the responsibility to protect all data seriously.
  • It offers businesses the opportunity to organise their internal management of information security clearly and consistently. The ISO 27001 framework ensures organisation and consistency allowing us to streamline our processes, policies, and procedures all while minimising risks and maximising improvements.

Overall, our ISO 27001 certification, as well as our other externally accredited certifications, verify that we will maintain the highest standards when it comes to information security.

What value does ISO 27001 bring to our clients?

Aside from peace of mind, Cintra’s ISO 27001 accreditation brings many benefits to clients. With this certification and management system in place, Cintra provides clients with the assurance that at every level, and in every project, information security is our number one priority. Secondly, when it comes to a client’s own audit processes, there is little need for protracted investigations into our controls. Your audit team will fully recognise and understand the efforts we have taken to gain this certification standard. Furthermore, you can also be certain that we have conducted robust due diligence into our sub-processors and business critical suppliers as well as having a tried and tested business continuity plan in place should the worst happen.

Finally, when deciding if an ISO standard is right for either your business or that of a supplier, always remember to ensure that the certificate has been issued by an externally accredited body such as UKAS. This will provide you with the peace of mind that the certificate is more than just a piece of paper and that these business objectives are firmly embedded in the core of the organisation.

Picture of Chloe Walker
Chloe Walker
Chloe is Head of Marketing at the PSSG, leading the team across all our brands with her highly analytical, strategic and creative skill set. Outside of work, she loves spending time outdoors, running and cycling!