Bespoke has always had a strong focus on customer data security, and information security in general. As part of that ongoing commitment to infosec, we are well established with ISO 27001 certification, a huge milestone for our business. This makes Bespoke one of the few South African contact centre outsourcers to achieve it. What exactly is it, and why is it so important?
When it comes to handling personal data, trust is paramount. An ISO 27001 certification reinforces that trust assurance. It demonstrates that we manage customer data with integrity and proves that security strategies and policies are continually developed and tested to enhance your data protection further.
In recent years, cyber-attacks have increased both in number and strength and as a result, businesses have become increasingly vulnerable to security breaches. This poses significant financial and reputational risks and the only way to counter this threat is to deploy effective information security countermeasures – this is where ISO 27001 comes in.
We operate in a custom-built contact centre and as an ISO 27001 certified and compliant business, Bespoke International Group can demonstrate globally accepted effective security controls giving peace of mind to our clients and building trust and credibility. The accreditation is designed to ensure the selection of adequate and proportionate security controls, that help protect sensitive information in line with increasingly rigid regulatory requirements such as the GDPR (General Data Protection Regulation), DPA (Data Protection Act), CCPA (California Consumer Privacy Act), and related international best practices and regulations.
The gold standard within infosec, ISO 27001 dictates specific requirements for establishing, maintaining, and continually improving our information security management system (ISMS). This means we maintain compliance within the industry, and at a global level.
To demonstrate our continual commitment to improving and protecting critical data and digital assets, we conduct regular security reviews using an independent, internationally recognised audit body, the BSI (The British Standards Institution), As the UK’s national standards body, The BSI fosters innovation and promotes best practice.
As e-commerce and telephone ordering systems have become more common, online and telephone payments known as card-not-present (CNP) transactions have grown in number. Whilst offering the user new levels of ease and convenience, these transactions can pose a higher risk of fraud and trigger security breaches. This is where our PCI DSS (Level 1) certification comes into play – a set of security standards designed to ensure that all companies who accept, process, store, or transmit credit card information maintain a secure environment. Given the huge volume of customer interactions and sensitive financial data that we handle, compliance with PCI DSS is essential.
A critical requirement of PCI DSS is the implementation of robust security controls to protect cardholder data. This includes using firewalls, intrusion detection and fraud prevention systems. It also includes the encryption of sensitive data, and regular security assessments with regular penetration testing to identify vulnerabilities.
The ISO/IEC 27001 certification also enforces the continuous assessment of risks to information security so we can proactively identify potential vulnerabilities and respond to threats decisively. The ISO 27001 certification mitigates potential damage caused by security breaches and makes them less likely, with potential break-throughs being tracked and eliminated in the early stages.
To find out how ISO 27001 and other aspects of the Bespoke International Group service can have a positive impact on your managed customer services, contact our Sales Director, Keith Shanks for an informal chat by emailing [email protected]