Esri UK: Why ISO27001 information security management matters to one organisation, their partners and clients

“Let us be about setting high standards for life, love, creativity, and wisdom. If our expectations in these areas are low, we are not likely to experience wellness. Setting high standards makes every day and every decade worth looking forward to.” Greg Anderson

Who are Esri UK – and what can they teach us about being cyber resilient?

Esri UK is an entity within a truly global software phenomenon. In fact, Esri is now the third-largest privately owned software company franchise in the world, employing more than 4,500 people. Esri UK has a global presence.

Esri inspires and enables people to positively impact the future through a deeper, geographic understanding of the changing world around them. Their software holds a significant market share worldwide (estimated at more than 40%), and their clients represent a high proportion of the planet’s key activities: aid and development, business (e.g. banking, insurance, marketing, media), defence and intelligence, education, government, health and human services, mapping and charting, natural resources (e.g. agriculture, petroleum, water), public safety (law enforcement, fire, security), transportation, utilities, and the whole gamut of modern communications.

From their continuing success over several decades, you can probably tell that Esri believes in and sets high standards in all that it does.

Cyber security: Esri’s management system approach to protecting data

To quote Nick Rigby, non-Executive Director and a former Director of Intelligence at the MoD: “Information Security at Esri UK is constantly evolving as we develop and implement new technologies. It’s a Darwinian process that has no endpoint and that requires us to test and measure what we are doing at regular intervals. We don’t regard security as a ‘quick fix’ problem because we know that the task is ongoing and we cannot afford to ignore the challenge. Therefore evaluating our own, and our customers’, risk is part of the Esri UK DNA.”

Board level decision – keep on improving security: it’s part of our business

In 2012, the Board of Esri UK resolved to adopt ISO27001, the information security Standard, and to seek UKAS-accredited certification by 2013.

The main drivers for gaining certification were:

1) Adopting best practice as defined in the ISO27001 information security standard

2) Differentiation: Esri UK would gain an advantage over its competitors by achieving certification

3) Compliance with the requirements of an ever-growing number of potential government-let contracts.

To speed up the process and achieve the best results possible, Nick selected IT Governance Ltd, on the strength of their track record in ISO27001, to deliver a bespoke mix of consultancy advice and public and internal training courses, from the initial gap analysis to audit support.

Esri chose to put its faith in the international standards approach for reasons that are becoming increasingly apparent to industry in general.

You see, without falling back on grandstanding terminology like “cyberwar” or “advanced persistent threat”, protecting your own and your clients’ and partners’ data really does matter. Esri has got there first in the spatial data market. But that’s hardly surprising, given their leading position. The fact is, to be a winner like Esri, you need Standards!

Here are a few reasons for following the fastest route on your corporate map to arrive at Esri’s robust information security management system.

Read the Esri ISO27001 case study here:

And talk to us without obligation. We can provide the very best references!

*  *  *  * 

How can you emulate Esri’s well-deserved success in gaining ISO27001?

Talk to IT Governance – today!

If you would like to find out more about ISO27001:2013 and how to set up and run an Information Security Management System (ISMS), talk to our consultants by calling: 0845 070 1750.
