ISO 27001:2013 is an international standard designed to establish and maintain an effective information security management system. As part of our process of continual improvement we first completed this registration during 2018.
What is ISO 27001?
ISO 27001 requires that management:
- Systematically examine the organisation's information security risks, taking account of the threats, vulnerabilities and impacts
- Design and implement a coherent and comprehensive suite of information security controls, and/or other forms of risk treatment, to address those risks that are deemed unacceptable
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis
The scope of our certification
The scope of our ISO 27001 certification:
- An Information Security Management System (ISMS) supporting research and feedback interviewing services (face to face, telephone and web surveys), including;
- International and multilingual research and client feedback
- Qualitative and quantitative methodologies
- Mystery shopping
- Customer opinion tracking studies
- Data modelling
- Design and development of research software (including the hosting of internet services)
- Customer relationship management
- Project management
As part of our ISO 27001 certification, we undergo an annual in-depth independent assessment, conducted by MQA (Marketing Quality Assurance). Our most recent certification was in September 2019.
What are the differences between ISO 9001, ISO 20252 and ISO 27001
ISO 9001 is a quality system that ensures that clients receive a great service, and that our service and products are continually improved. We define the internal quality systems and ensure that we deliver to them for the 2 certified scopes (research and software development/hosting of services). ISO 9001 takes a risk assessment and mitigation approach to managing quality.
ISO 20252, by contrast to ISO 9001, is a ‘best of class’ prescriptive standard that defines standard ways and standards dependent upon the appropriate research methodology. For example, when undertaking telephone interviews the standard defines the minimum number of interviews that have to be validated per interviewer and the methods of assuring the quality of their work.
ISO 27001 is an information security standard that uses a risk assessment and mitigation approach in the same manner as ISO 9001. An information security management system (ISMS) is set up within which 114 controls (listed in ISO 27002) are established to cover areas of risk, including; staff recruitment, access control, network, cryptography, physical security, supply chain management, compliance and incident management.
Market Research Society
Acuigen is a company member of the Market Research Society (MRS). The MRS’ Code of Conduct and rules guide us on the ethics and practicalities of our work, and in particular provide guidance on the interpretation of data protection and privacy in the context of research.
MQA’s ISO certification process is accredited by the United Kingdom Accreditation Service (UKAS) – the national accreditation body for the United Kingdom, appointed by the UK government, to assess organisations that provide certification. UKAS is a signatory to international accreditation agreements which provide for mutual recognition.