Benefex achieves ISO 27001 information security certification
Employee benefits experts Benefex have achieved ISO 27001 certification for information management and protection.
ISO 27001 is the most stringent standard for information security management, and certification formally endorses security controls and policies at Benefex. These include policy and procedures relating to management, personnel, systems and compliance to various laws or acts.
Certification follows a thorough audit and confirms that security of information has been addressed, implemented and properly controlled.
The ISO 27001 certification stands alongside the company’s existing Security Policy Framework Impact Level 3 Restricted (IL3) clearance, giving clients further reassurance that their employee information is in safe hands.
The Security Policy Framework is the government’s standards to protect its assets – people, infrastructure or information. Benefex has been cleared to Impact Level 3 Restricted (IL3), the highest level for an online service.
Chris Wright, Information Security Manager at Benefex, said: “Information security is of paramount importance to Benefex and our clients as we work with the personal details of thousands of UK employees.
“Being accredited with both ISO 27001 and Government Impact Level 3 shows that we provide secure services and are committed to protecting to the data of our commercial, government and public sector clients.”
All organisations with ISO 27001 certification are required to be re-audited by an independent organisation. Benefex has chosen to be audited every six months to maintain compliance with the standards.