Thirteen gains ISO status

Housing organisation Thirteen has gained the prestigious ISO27001 accreditation for its work to manage information and keep data secure.

Hassan Bahrani

17 Jan 2022

ISO27001 is the international standard for information security and risk. It assesses the systems and processes that organisations have in place to manage and improve how information and data is kept secure.

Hassan Bahrani, head of IT at Thirteen, led on the accreditation project. He said: “Applying for ISO27001 was a really rigorous process that involved people from right across Thirteen.

“We hold a wide range of data, which includes very sensitive information about customers and other people we work with. So it’s essential that we have robust systems and processes in place to keep this data safe.”

To assess its progress, Thirteen asked assessors from SGS United Kingdom Ltd to audit its processes and systems. The assessors met with staff from teams throughout Thirteen to build a picture of how information is managed in the organisation.

From October 2021, assessors from SGS interviewed staff, examined policies and processes, and scrutinised the ways that Thirteen stores and manages its data.

The ISO/IEC 27001 auditor from SGS, said: “I was really pleased and impressed with Thirteen’s systems, in particular the automation, how the systems are used, and good practice within the project management governance.

“It was also good to see great use of automated workflow tasks and the overall information security management system was at a high standard, so ISO/IEC 27001 certification is recommended.

“I’d like to thank Thirteen’s staff for their openness and assistance during this audit.”

Thirteen has done a lot of work over the past few years to put measures in place to manage information securely. And every member of staff has played a part – from completing regular e-learning courses to implementing new systems that manage the information the organisation holds.

Hassan continued: “It’s vital we have this accreditation as it confirms that we have the right systems and policies in place to protect the data we manage.

“This will help us retain some important contracts and gives us the opportunity to bid for new work in the future, so it’s fundamental to the development of our business over the next few years.”

In addition to the management of its information, the assessors also looked at security measures for Thirteen’s buildings and facilities, HR processes, communications and purchasing practices.

They also talked to staff as part of random awareness interviews where they were asked about how data security plays a part in their role.