McGregor Boyall Double Down on Info Security
London – March 2018
Responding to the growing importance of information security, McGregor Boyall have achieved CyberEssentials Plus and ISO 27001 certification at the first attempt. Their achievement reflects the firm’s awareness that social media and the digital economy are transforming everyone’s personal and economic interactions - but that these changes are accompanied by real potential risks and that it doesn’t take much for opportunity to turn into threat.
McGregor Boyall have demonstrated their awareness of the vastly increased need to inspire confidence in their candidates and their clients who they recognise have the right to expect individual privacy and corporate confidentiality.
The firm chose to ensure that it can provide candidates and clients with proof of the robustness of both its digital systems and its non-digital information security systems. CyberEssentials Plus is recognised as a clear indication that effective cyber security controls have been put in place by an organisation. McGregor Boyall recognised gaining CyberEssential Plus was there therefore an important step to gaining trust from candidates and clients. But they also appreciated that it was not the total answer. They recognised that information security is not just about cyber security. Rather, it is only part – although a very important part – of a bigger security picture. For that reason, they decided to go for the much broader ISO27001, a certification that addresses the need of an organisation to build and maintain an awareness of all forms of information security and to embed that awareness into its culture.
Laurie Boyall, Group Chief Executive, was the driver of the firm’s security initiative, stating, “It is my responsibility to recognise that every candidate who applies to us has the absolute right to expect that their personal information is being stored and used in a way that respects their privacy and their wishes.” And he added, “Our clients also have the right to believe that their information and their brand are being entrusted to a business partner who is committed to protecting them”.
Boyall’s views are shared by the firm’s Quality and Information Security Manager, Hollie Allen, who was responsible for driving both projects through. Allen stated, “Building an info security aware culture is not easy. But it’s critical. We really believe that the work we’ve done on CyberEssentials Plus and ISO27001 has also helped us with all the work we’re doing on GDPR”.