ISO 27001:2013 is an international standard designed to establish and maintain an effective information security management system. As part of our process of continual improvement, we first completed this registration during 2018. During February and March, 2021 we are completing our UKAS re-certification process - our current 27001 is valid until October 2021.
What is ISO 27001?
ISO 27001 requires that management:
- Systematically examine the organisation's information security risks, taking account of the threats, vulnerabilities and impacts
- Design and implement a coherent and comprehensive suite of information security controls, and/or other forms of risk treatment, to address those risks that are deemed unacceptable
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis
The scope of our certification
The scope of our ISO 27001 certification:
- An Information Security Management System (ISMS) supporting research and feedback interviewing services (face to face, telephone and web surveys), including;
- International and multilingual research and client feedback
- Qualitative and quantitative methodologies
- Mystery shopping
- Customer opinion tracking studies
- Data modelling
- Design and development of research software (including the hosting of internet services)
- Customer relationship management
- Project management
As part of our ISO 27001 certification, we undergo an annual in-depth independent assessment, conducted by MQA (Marketing Quality Assurance). Our most recent assessment visit was in February 2021.
What are the differences between ISO 9001, ISO 20252 and ISO 27001
ISO 9001 is a quality system that ensures that clients receive a great service and that our service and products are continually improved. We define the internal quality systems and ensure that we deliver to them for the 2 certified scopes (research and software development/hosting of services). ISO 9001 takes a risk assessment and mitigation approach to managing quality.
ISO 20252, by contrast to ISO 9001, is a ‘best of class’ prescriptive standard that defines standard ways and standards dependent upon the appropriate research methodology. For example, when undertaking telephone interviews the standard defines the minimum number of interviews that have to be validated per interviewer and the methods of assuring the quality of their work.
ISO 27001 is an information security standard that uses a risk assessment and mitigation approach in the same manner as ISO 9001. An information security management system (ISMS) is set up within which 114 controls (listed in ISO 27002) are established to cover areas of risk, including; staff recruitment, access control, network, cryptography, physical security, supply chain management, compliance and incident management.
Market Research Society
Acuigen is a company member of the Market Research Society (MRS). The MRS’ Code of Conduct and rules guide us on the ethics and practicalities of our work, and in particular, provide guidance on the interpretation of data protection and privacy in the context of research.