Intelliflo’s ISO 27001 certification ‘essential’ for GDPR

By Miles Reucroft
Jun 13, 2017 9:00:00 AM

The British Standards Institution (BSI) has awarded Intelliflo ISO 27001 certification, an audited process that confirms the organisation adheres to information security best practice and delivers the highest standard of data security to its clients. Intelliflo believes the certification is essential to equip advisers with the necessary controls to meet the General Data Protection Regulation (GDPR), which is due to come into force in May 2018.

ISO 27001 is the recognised specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. The standard includes 114 controls in 14 groups and 35 control objectives.

The FCA, in its guidance for firms outsourcing to the ‘cloud’ and other third-party IT services, recommends that the external assurance provided by ISO 27000 series certification be taken into consideration when conducting due diligence on potential third-party digital providers.

ISO 27001 also covers areas of data protection that will come into force via GDPR, which will significantly increase the obligations of all financial advisers.

Robert Walton, Intelliflo’s Chief Operating Officer, comments: “The ISO 27001 certificate is tangible proof of our high security standards and underpins the strict controls we have in place. In terms of GDPR, I believe this certification is essential for our clients, as the new regulation will require them to show that their data is being managed in accordance with data protection regulations both within their own infrastructure and with any outsourced service providers they use. Using suppliers that don’t have this certification will make the task of being compliant with GDPR far more difficult and time-consuming.”