This week the team at Willmott Dixon are celebrating being certified to ISO 27001, the IT security management accreditation. By achieving this standard we can now definitively show how we follow best practice in our IT security, keeping our own and our customers’ data secure at all times.
As an IT security analyst, I have been heavily involved in the year-long process getting us to this point. If you had told me three years ago, when I started on the trainee scheme, that I would now be in my current role starting my dream career and achieving this important certification I would never have believed you – it’s been an amazing journey!
ISO 27001 is an international standard on how to manage information security. It tackles people, processes and technology to ensure organisations manage their information in the best way possible. Having already been accredited to Cyber Essentials and having a dedicated IT security team, ISO 27001 was the natural next step.
A career change
I joined Willmott Dixon’s management trainee scheme three years ago, following an eight-year career in the police service. After deciding to take the plunge of a career change, I embarked on the scheme which allows you the opportunity to try out different areas of IT and see where you want to specialise.
It has certainly been a whirlwind – I’ve been involved not only in learning the technical side of IT but also I have had so many wonderful opportunities, such as getting involved with our STEM school visits, arranging our trainee charity event to walk the Cotswolds Challenge and recently being nominated for our prestigious trainee of the year award – which is such an honour!
I found the trainee scheme fantastic at helping me find my place. I really enjoyed experiencing all the different IT specialisms during the programme and, after completing the rotation of the IT departments, the security team was the perfect fit for me and I got the position of IT security analyst, starting work on the ISO 27001 project.
Working towards ISO 27001 involved a lot of collaboration with various teams throughout IT and the wider business. Being such an important standard for the business, I knew I wanted to give it my all and really demonstrate the great work our teams are doing in IT security.
The first task was to work out what we already had in place. As a business there were lots of examples of good practice already out there, so my first task was to find out what we were doing and to write it down in a format that could be audited against the standard. Where tweaks and changes were needed, I discussed different approaches to make sure that what we decided on worked, not only for us to get the certification, but also for the business. Ultimately, the goal was to ensure we are as secure with our information as we possibly can be without impacting the day-to-day running of our business.
Above: the IT security team
A great experience
Being pretty new to the role, leading the ISO 27001 project was a little daunting – but the support I got from the team was amazing and really helped me find my feet.
There are two stand-out moments that really stick in my mind from the project. The first was facilitating four days of audits with an external auditor. We didn’t limit the scope of what the accreditation would cover, as sometimes is the case, so it meant we had to show that the entire business was compliant with the standard. It wasn’t a problem as we knew everything was very strictly managed, but it did mean a lot of rigorous checks from the auditors!
Although I had been part of previous audits, being the lead auditee was a completely different experience and very much out of my comfort zone. I remember spending most of the first day in a silent panic as I was being quizzed by the auditor but got into my stride during the second day and by the third day I had forgotten what I worried about in the first place!
It was such a big confidence boost and the support of the teams throughout those days helped me get through it.
The second stand-out moment was during the final closing meeting where the auditor confirmed we had passed and were going to be issued with the certificate – and on the first attempt as well! It made the months of hard work worthwhile and as a team we spent the rest of the day with massive grins on our faces.
I’m very proud of what we’ve achieved as a team and that I helped get us there. It has played such a big part in my life for the last year, and to see it through to a successful outcome is very satisfying and has certainly confirmed how much I love working in IT security.
It is also great to know that our business can now officially show how much importance and rigour are applied to the protection of our people’s and our customers’ data.