[Expert opinion] ISO CERTIFICATION - Three questions for Yann Perchec, PeopleDoc Chief Technology and Information Security Officer
As an HR service delivery cloud company, our clients manage a large amount of employee data using our platform. Protecting this customer data on behalf of our clients and their employees has always been integral to the way we operate. We know security and the trust it engenders is fundamental to our business and to our collective growth.
With this in mind, we have taken the step to audit and refine our processes and policies by earning ISO/IEC 27001:2013 (ISO 27001) certification. What is this process about? We asked 3 questions to Yann Perchec, CTO and Chief IS Officer of PeopleDoc.
1. What is ISO certification?
ISO 27001 certification is a methodology for implementing and continuously applying the policies and processes necessary to protect our assets, including our customers’ data and our people. ISO 27001 is an international standard which reflects a consensus of experts in the field of information security and an ongoing commitment to best practices.
We’ve chosen a wide scope for our study in line with our overall commitment to security. Our ISO certification includes:
The physical security of PeopleDoc employees and visitors
The security of the information we manage for and with our customers for whom we want to ensure privacy, integrity and accessibility
The security of our working methods to deliver our products and services
The security and regulatory compliance of our internal and business IT systems
2. What have you put in place?
Security certification is first and foremost a process. Certification is not a one-time event; it is an ongoing mission: every day we improve our platform and the market changes, and that means we have to make continual adjustments to ensure our security is sustained. To help us do that we have a Security Committee to review new investments and ensure we are staying on track, and internal and external audits that are carried out at least once a year. We regularly use "Bug Bounty" programs to help identify and correct any vulnerabilities.
Most of all, security is a collective task: it involves everyone in the PeopleDoc company. We instill a security-first culture from the top and provide the supportive and transparent environment to encourage employees to uphold our security policies and practices. Top security is the result of lots of small actions everyone takes every day. We’ve expanded our team to include a Global IS Manager and a Global Security Manager in order to provide a larger dedicated focus to this effort.
3. What does this mean for our users?
On a daily basis, our clients will not notice any changes in using our products. The security of their data and operations has been integral to our business from the beginning and our current practices are sound. ISO 27001 provides our clients with the additional confidence that we will continue to invest in security and apply best practices as we continue to grow the products, services and geographies we cover.