ISO 27001 and 27701 Certified - How we bolstered up our Information Systems at Lumify Work Australia & Lumify People
By Chloe Villanueva | May 25, 2023
Lumify Work (formerly known as DDLS Training) and Lumify People (previously DDLS People) are ISO/IEC 27001 Certified and have an ISO/IEC 27701 Certification for operations in Australia. The team has also undergone a months-long rigorous project to mature its information security and privacy management system.
At Lumify, we have always worked to ensure the security and privacy of customers, partners and staff.
ISO/IEC 27001 is considered an international standard for information security management. ISO/IEC 27701 is an extension of this for privacy information management.
Our ISO/IEC 27001 and ISO27701 certification journey
Investing in workplace information security systems is critical in an increasingly complex and digital business world, where privacy and data leaks are consistently in the news. Businesses will often onboard many new applications each year but fail to define and manage the role, the data it holds and who and why users have access to that app. Implementing an Information security and privacy management systems is the key to securing business and customers' data, continually improving and maintaining security and reliability.
But there is more to this than the physical management of data. Data security and privacy rely on robust registers, processes and procedures to build, keep and maintain a functional IPSM. The standards within can be confronting to business leaders but throughout the journey, the controls will ring true to many existing business controls but map accountability. To put those processes and functions under the microscope of an internationally recognised audit is a brave move but also an essential one.
Staff, suppliers and customers can rest assured that we protect the data they entrust us with as best as possible. And that our team are well-briefed on not disclosing personal information, and our systems are hardened through the vendor certification we teach. And that these are all audited against international standards. In our case, the standards are ISO 27001 and 27701.
Our work towards certifications for ISO 27001 (Information Security Management System — ISMS) and ISO 27701 (Privacy Information Management System — PIMS) compliance began with a Gap Analysis of our systems and processes.
We also sought to define our initial scope of work within the period for certification.
From there, we aligned 144 controls for ISO 27001 and additional controls for ISO 27701. This alignment step also involved mapping out systems where we could implement controls.
As advocates of not starting from scratch and using what's already available, we employed a template offering a base structure for these controls. We then identified the relevant policies and procedures according to Lumify's needs based on how we interact with customers, vendors and staff.
We collated our registers, procedures, policies and monitoring plans from there. These monitoring plans involved setting schedules for regular checks and identifying resources within the business who can manage distinct aspects of the system.
Certified team members conducted an internal audit: cyber security lead Jeremy Daly and cyber security technical instructor Louis Cremen. Training and awareness sessions were available to our Team via learning modules and spoken presentations.
Based on our internal and independent audit results, we worked towards compliance to the controls in preparation for the external audit. SAI Global conducted this external audit.
Maturing our Information Security Management Systems
As part of our certification, we established areas for focus for continuously improving Lumify's ISMS and our added privacy management system.
This includes regular scope extensions and:
Periodic security awareness training programs for Lumify staff so they can understand their roles in protecting the organisation's information assets.
Measurement and reporting on the effectiveness of Lumify's information security controls and adjusting as necessary.
Regular security audits and assessments ensure that our information security and privacy management system operates effectively.
ISMS updates incorporating feedback from security incidents, industry best practices, and emerging threats.
James Davidson, Lumify Group ICT Manager shares:
I found great interest in how clever the two standards were structured and written. The international standards organization have put together the gold standard which all businesses can and should lean into.
I heavily believe that business should be a pioneer of social responsibly, securing business information and the privacy of the internal and external stakeholders should be at the top of business priority.
Our business has benefited with more structure, maturity, and resilience to our Information security and privacy management system.
What does this mean for customers and partners?
Customers and partners of Lumify Work can rest assured that their data is handled in a manner that follows legislative requirements, particularly the General Data Protection Regulation (GDPR).
ISO 27001 and 27701 are internationally recognised standards for Information Security Management Systems (ISMS) and Privacy Information Management Systems (PIMS). These standards provide a framework for setting up, implementing, maintaining and continually improving information security and privacy management systems.
Our ISO/IEC 27701 and ISO27701 certifications validate that our information security and privacy management system are secure. They are highly regarded in terms of controls.
Our teams are knowledgeable about ISMS, and our systems are set up with the security of your data in mind. This data can include personally identifiable information as well as company information.
Kirrilly Holmes, ICT Dynamics 365 Administrator, notes:
We adhere to the Australian Privacy Principles and because of this project our team have a greater understanding of the practical application within their daily processes, of protecting Personally Identifiable Information (PII). Our processes have been developed to incorporate GDPR requirements alongside Privacy Principles, as a training provider who delivers to students who are located outside of Australia it is important that they have the same level of trust in our data management as our Australian based students.
What does this mean for Lumify staff?
For our staff, the benefits of our ISO 27001 and 27701 certifications are threefold:
Our team has increased awareness of information security and privacy best practice. They have the tools and procedures to comply with data privacy regulations, especially when they manage customer data.
They have confidence and are empowered to make the right decisions and be proactive when it comes to protecting against threats and reporting data breaches.
Employees have the assurance that their personal information is protected and responsibly handled during their entire lifecycle as part of Lumify Group.
Practising what we preach
In partnership with PECB, Lumify offers the ISO/IEC 27001 Lead Implementer course. It enables participants to gain the knowledge necessary to support an organisation with its information security management system (ISMS).
This training course prepares participants to implement an information security management system using ISO/IEC 27001 standards. The course aims to provide a detailed understanding of ISMS best practices and a framework for continuous improvement.
Members of our team who were involved in maturing our ISMS sat this course and got certified. What we learned here came in handy throughout the process.
About Lumify Group
For over 30 years, Lumify Group (formerly DDLS) has been helping organisations and individuals master technological change. As the preferred training partner of the world’s leading technology vendors, we create best-in-class, vendor-authorised learning experiences for students and customers across a vast and ever-growing range of topics and courses.
Consult your account manager to learn more about how Lumify manages and protects customer data. Or get in touch by email: [email protected]. Speak to a consultant when you call 1800 853 276.