HackerAgency and Serum, our healthcare practice, have just recently renewed our ISO 27001 certification. The auditing process is rigorous and involves a multitude of processes and every single one of our employees.
We have maintained this above-and-beyond commitment to data security since 2009. Originally, we thought certification would be helpful to prove we can be trusted with our clients’ precious customer data—whether it’s in transit or stored on-site. And that has been a significant advantage.
Over the years, we have discovered several other benefits that make certification even more important to us and to our clients. For example, the ISO framework fits in well with our continuous improvement model in the programs we offer our clients by guiding the continual identification, assessment and remediation of risk. Our team understands and buys into this structure.
One of the greatest advantages of certification is perhaps more counterintuitive.
We believe certification keeps us nimble.
In its earliest days, Hacker determined that doing its own data work would add both quality and speed to the process of creating our clients’ marketing programs. This was well before the Internet existed. Data came to us on magnetic tape reels, shipped to us via FedEx. We’d sign agreements with list rental companies promising we wouldn’t use the data outside the contracted purpose.
Those 30 years of history have made Hacker’s data processing organization a powerhouse of knowledge. We have grown with the industry and can handle data with the very best specialists, because we are specialists ourselves.
In the meantime, however, data risks have grown exponentially. Cybersecurity is a huge business and—as an industry—will grow to $170 billion in the next few years.
The result is that today clients demand both speed and safety. The ISO 27001 framework helps us effectively manage risk in an incredibly fast-paced environment.
To obtain an ISO certification, an organization’s actions must be verifiable, repeatable and placed within a framework of change management. That means you must document all your processes so ISO auditors can verify your data security capability. We trust the framework we have in place because of our certification. You can trust the certification because of the audits.
Keep in mind that most other agencies outsource their data processing, thereby losing both speed and control of the final output.
Because we’re not dependent on other resources, we can realize our objective of hyper-relevancy—true individualized communication—because there’s no friction, no loss of speed, by going through other vendors for our data. Client data, while totally secure, is available much more rapidly because it’s stored securely with us.
We have always invited other agencies to join us in ISO 27001 certification. But, in truth, because creating new processes from scratch is so time-consuming and so hard to maintain, catching up at this point in the history of digital marketing would be very difficult indeed.
We always welcome questions around data security and ISO certification. It’s a critically important topic and we have invested a great deal in becoming experts.