Recently we wrote a piece about organisational agility and how the current working
normal caused by COVID-19 have changed, compounded and amplified the need to have
robust and efficient tools, processes and integrations between all stakeholders in the
supply chain.
All very easy to say but, as with everything, harder to achieve something that is both
seamless and elegant, not to mention robust and repeatable.
Information security controls are generally focused on securing an office or studio with
some additions for a small number of ‘road warriors’ using tools like email. Brands and
agencies have seen the impact that the mandated “work from home” policies have had.
No one is in the office so now every workstation has to be secured. File transfers have to
be secure and traced, version controls need to be maintained, access to the assets
needs to be there for everyone (not the latest file being on one person’s desktop).
Graphic file sizes can be huge, amplifying the problems and delaying the process, and
making review and e-approvals a potential problem.
A clear path
However, there is a framework that can be used to create the desired end state and
provide a higher level of information security and business continuity in the process.
Whilst it’s hard to attain and maintain, it is something that is open to everyone – the
ISO27001 attestation.
The technical description is that ISO27001 is “a specification for an information security
management system (ISMS)”. An ISMS is a framework of policies and procedures that
includes all legal, physical and technical controls involved in an organisation’s
information risk management processes.”
Meaningful benefits
In practice what it means is that an organisation that has attained ISO27001 has the
necessary foundations to be able to respond quickly and effectively to a situation like
COVID-19.
As a case in point, back in early 2019, a Private Equity group instigated some information
security measures across their portfolio of companies, following an attempted hack on
one of their portfolio companies. Within the portfolio, some businesses had already
achieved the ISO27001 standard and so were already operating at the highest level, and
so they were able to not only provide assistance to the other group companies but also
to avoid the ‘fire drill’ of new procedures and tools.
Fast forward to March of 2020, and those same companies slipped seamlessly into the
continuity plan assessments, risk analyses and ultimately a work-from-home model,
without missing a beat or a single deadline for their clients. The framework was there,
which meant the tools were there and the security was maintained throughout.
Essential to business, now and for the future
Information security is increasingly a cornerstone requirement for many brands – both
enterprise and start-up, where competitive advantage is a key factor in the success of
any new product launch. Compromising on information security during any phase of the
product launch is a real no-no and, with the right foundations, shouldn’t be an issue
even in extraordinary times like these.
Right now, there are brands both big and small who are busier than ever. Indeed, one of
the largest brands in the world is currently working at full speed with new product
releases and their agencies that have the ISO framework have managed to keep pace, without compromise on quality, security and speed. This is the (new) normal for business.
