Horse Meat Scandal vs Information Security: An (un)likely comparison

As the European horse meat debacle continues to lead the headlines, I’m wondering how many more organisations are going to be put under the spotlight, and which of the already shamed brands will survive. Reputational damage will no doubt cause the demise of Findus, whereas the likes of Tesco, Aldi and Iceland will more than likely continue playing the blame game and get away with their lack of food traceability and corporate social responsibility with a small fine and another public apology from their PR departments.

As consumers adapt their buying behaviour, I suspect that meat counters within the big supermarkets will suffer a dip in sales, and local butchers will gain new business. I personally hope that local butchers will capitalise on this opportunity and turn first-time customers into loyal fans over the longer term.

Even though it’s claimed that the horse meat being sold is safe for human consumption, how can people be sure? If criminals were illegally passing off horse meat as beef, how likely are they to be applying adequate hygiene standards? Why should people have confidence in the food industry when it’s become quite clear that the strict regulations they have in place do not work? If it’s possible for horse meat to be mis-sold as beef, what other issues are lurking within the supply chain?

These are all valid questions, and I’m sure they will be answered once the full extent of the scandal is understood. At the moment, though, it’s a case of damage limitation and of how robust your business continuity plans are. How quickly can businesses get back to business as usual, shrug off the conspiracy claims and regain the trust of their customers?

Unlikely as it seems, the horse meat scandal makes a useful comparison with information security, and with how a company establishes and maintains its integrity.

What would happen if people took the security of their personal information as seriously as their health and well-being?

We see it all the time: Sony was fined £250,000 after a ‘preventable’ data breach in April 2011 that compromised the personal information of millions of customers, including their names, addresses, email addresses, dates of birth and account passwords. Customers’ payment card details were also at risk.

What would have happened to Sony if each compromised customer walked away from the network and never returned? The consequences would have been far more significant than a drop in share price.

Fortunately for Sony (and the many other organisations that have neglected to keep their customers’ personal data secure), short memories and a lack of awareness amongst the general public mean that these organisations didn’t collapse and are still able to operate. However, awareness is on the rise. People are beginning to ask questions similar to those being asked about the horse meat scandal, and it’s only a matter of time until they demand a certain level of assurance that their personal information is being handled securely.

What can an organisation do to provide this level of assurance?

Complying with data protection laws, such as the UK Data Protection Act (DPA), is the first step that all organisations should be taking as standard. The general public almost takes it for granted that the organisations they deal with do in fact comply with these laws. Why, then, is the Information Commissioner’s Office (ICO) issuing fines on a regular basis to larger organisations, particularly in the public sector? And if large public sector organisations (such as the NHS) are not complying with the 8 basic principles of the DPA, what does this mean for SMEs and other private sector organisations that don’t yet have to notify the ICO of a data breach? It doesn’t exactly inspire trust, does it?

How about ISO 27001 certification?

ISO 27001 is the only auditable international standard that defines the requirements for an information security management system (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. ISO 27001 helps to protect information assets and gives confidence to interested parties, including an organisation’s customers, by demonstrating through accredited certification that your ISMS meets the standard.

An accredited certificate tells your existing and potential customers that your organisation has defined and put in place effective information security processes, which helps to create a trusting relationship. Certification also helps an organisation focus on continually improving those processes, because the surveillance and re-certification audits that follow require the ISMS to be maintained rather than set up once and forgotten. One caveat a customer should check: a certificate applies to a defined scope, so confirm that the scope covers the systems and services that actually handle your data.

ISO 27001 certification says you are taking cyber security threats seriously. Prospective customers are naturally concerned about fraud, theft of personal information and reputational damage due to cyber breaches. Certification against the ISO 27001 standard is evidence that you care.

Read more about the benefits of ISO 27001 certification on our website. And while you are there you may want to look at our guidance on implementing ISO 27001.