The International Organisation for Standardisation (ISO) has approved USS’s application for ISO 27001:2013, a sought-after accreditation in information security.
ISO27001 is an international standard awarded to organisations with proven best practice information security management systems (ISMS). Accredited certification demonstrates that an organisation adapts and adheres to international information security best practices.
Organisations that have been awarded ISO27001 are expected to recognise that information security is not just about antivirus software, implementing the latest firewall or locking down laptops or web servers. The overall approach to information security should be strategic as well as operational, and different security initiatives should be prioritised, integrated and cross-referenced to ensure overall effectiveness.
Martin Davies, information security manager at USS said:
"USS has a great security ethos from the top down. Achieving ISO27001 certification means that we have an effective information security management system, which we will continue to maintain going forward in order to protect the data we work with."
The accreditation applies to USS’s head office in Liverpool, the USS Investment Management office in London is currently undergoing the ISO27001 application process.