Today we’re joined by Philip Bailey, Managed Services Director at PMC Retail, to talk about PMC’s experience with ISO 27001, from implementation to on-going maintenance.
PMC is a leading retail IT services and solutions provider, who recognised the growing need for formal Information Security certification. They succeeded in achieving certification to ISO 27001 in 2021, now almost a year down the line, we catch up with Phil to find out what they’ve learned, benefits of certification and some tips for those looking to implement ISO 27001.
[01:03] An interesting fact about Phil – He started in electronic engineering and was involved the build of a system designed to measure the mirrors used in a telescope that was carried on the Discovery shuttle!
[01:44] Who are PMC Retail?
[03:49] An example of one of PMC’s projects – Pulling together legacy systems, updating them to newer technologies while maintaining the legacy data.
[04:40] Learn about Phil’s role at PMC
[05:45] PMC now certified to ISO 27001 – One of the most popular ISO’s globally in recent years. It’s becoming something of a mandatory requirement in the tech space when bidding for contracts
[06:31] How do PMC manage their ISO 27001 certification – Created a small team dedicated to the task of achieving certification – along with some help from us 😊 Following certification they onboarded a Compliance Governance Manager to keep up with Internal Audits and other ISO maintenance.
[08:25] How has the ISO Support plan helped? – Blackmores helped to implement the standard, and were very familiar with their system and way of working. Great to have a wealth of knowledge to tap into.
[09:00] PMC managed to implement the standard in just 6 months!
[10:25] What did PMC learn from their experience? It wasn’t an easy task! Getting leadership commitment from the start made a huge difference.
[11:50] The benefits PMC have experienced by implementing and maintaining ISO 27001: Being able to identify risks and put actions in place to mitigate them. Certification demonstrates a robust security infrastructure to third parties. Establishes more credibility to customers and partners. They are able to see a pathway for business growth, utilising the certification.
[14:30] ISO 27001 has helped to collate and bolster their existing Information Security structure – Having a library of resources, unified policies and procedures, company wide Objectives, and better understanding of measuring & managing risks.
[16:15] PMC ensure that staff complete annual training – as required by the Standard.
[17:10] Phil stresses that you can’t just stay still with Information Security is concerned, you need to be aware of new risks and make sure those in your business are also aware and know how to react.
[18:00] Top tips from Phil: Get Leadership commitment early on. Build yourself a Management Team. Get help from an experienced external party. It’s not a walk in the park, and needs focus to achieve in a reasonable amount of time.
[19:42] Phil’s book recommendation: The magic of thinking big by David J. Schwartz.
[21:42] Phil’s favorite quote: “You’re never too old to set a new goal, or too old dream another dream”
We’d love to hear your views and comments about the ISO Show, here’s how:
Subscribe to keep up-to-date with our latest episode’s:
Stitcher | Spotify | YouTube | iTunes | Soundcloud