Any company with a website and cloud-based software takes its data seriously – and this is an increasingly important issue for automotive retailers, whose data is wide-ranging and often highly sensitive. It’s information which, in the wrong hands, can do businesses and individuals a world of harm.
When data from your website is being handled by a third party such as your web provider, it is natural to assume that they conform to tight operational standards. Unfortunately, that’s not the case. Whilst most web companies treat the data they handle with the upmost care, many in our sector can’t claim ISO 27001 certification. It begs the question; why not?
You only have to look at recent instances of companies losing swathes of customer data to hackers to understand just how essential robust security measures are.
We have always strived to offer the highest level of security for our clients. Many of the vehicle manufacturers and top UK dealer groups that we have worked with for many years have contractual obligations regarding this which we have had to meet. But our desire to conform to the highest standards through official certification is what has led us to implement numerous measures and practices that have enabled us to earn ISO 27001 certification.
Certification was only awarded after an extensive auditing process from independent experts, BSI. Owing to our existing stringent practices it took us just four months to achieve. By contrast, large organisations can take years to bring every facet of their business operations in to scope, especially in industries where sensitive data handling and processing is so important.
Toni Allen, UK Head of Client Propositions, BSI, said; “By gaining certification to ISO 27001, GForces has shown its commitment to securing its valuable information assets and has demonstrated that it is doing its utmost to ensure information is well managed.”
ISO 27001 is an internationally-recognised standard which covers all manner of business elements for which we have put in place management policies and procedures. For example, if you are visiting our premises you will be required to wear a lanyard so that we can identify visitors, contractors, interns and full-time staff. It’s all part of ensuring our building is extremely secure and no one can get at our internal servers or hardware.
Digital and physical document control is heavily monitored, data security and protection has been assessed and we carry out continued risk identification monitoring and respond with mitigation measures.
These measures together ensure that the risk to our clients’ data, and the data of their customers, that passes through GForces is as secure as it can be. If there is ever a slip-up, we are duty-bound to report it, ensuring that policies and process can be adapted accordingly to tighten things up even further.
GForces has four core values, one of which is ‘Integrity’. This isn’t just integrity in our day-to-day actions and practices. It’s also in maintaining the integrity of client data to make sure it is safe and secure.