Smile IT are ISO 27001 Certified

You entrust a managed service provider with the lifeblood of your business: your company and client data. It’s imperative they safeguard this information, creating a fortress around your business systems and processes. How do you know your MSP is going to do a good job of safeguarding your data? You need to look for quality assurance. And quality assurance in information security doesn’t get more powerful than ISO 27001. Which is why Smile IT have spent the last few months going through the ISO27001 certification process, so that our clients and potential customers can see the extreme level of commitment we have towards information security management.



ISO 27001 is the international standard for information security. When your business has achieved this level of certification, it indicates to a global audience that you’re aligned with best practice in information security.

In other words, your business consciously takes the best possible approach towards keeping information safe from misuse, unauthorised access, destruction or damage. It goes without saying that in today’s digital age, information security should be of the utmost priority.

What happens with the ISO 27001 standard is a business gets provided a framework to develop their information security management systems. This standard, according to assurance company Compass:

– Provides requirement for the assessment and treatment of information security risks.

– Addresses opportunities that could arise and provides means for capitalising on them.

– Is applicable to all organisations determined to display a commitment to quality.

We see ISO 27001 as a business differentiator. It shows a commitment not only to a high standard of information security, but a commitment to continual improvement too. So if its assurance you’re after when choosing a managed IT service provider, choose an IT company with ISO 27001 certification.



Achieving ISO 27001 certification is done with the help of an external auditor, in the case of Smile IT we used Compass Assurance Services. As with any ISO certification, it involves a three stage process:

Stage One Audit

Our business and information systems were assessed and benchmarked by Compass, who indicate any issues that need to be addressed.

Stage Two Audit

Here the effectiveness of our business processes was assessed. This is a more hands on stage, where staff are interacted with and work being undertaken is observed. Questions asked include:

  • Are systems being followed correctly?
  • Are objectives being achieved?
  • Do team members know what is expected of them?
  • Are clients and other stakeholder needs being met?

Stage Three Certification Decision

After the first two stages are complete the auditor called in an independent Compass Certification Manager. They receive the first two audits, carefully going over the information to decide whether certification is warranted. Once certification is granted, as it was for Smile IT, certificates are issued and digital logos can be added to websites and email footers.

The hard work doesn’t end there, as there are annual surveillance audits, plus a re-certification audit every three years.



The ISO 27001 standard puts cyber security first and foremost. By becoming certified, a business will get a clear-cut idea of the security threats that could harm their own business processes, or put the data of their clients in danger.

Knowledge is power, and what is learned from the certification and compliance process differentiates a business from its competitors because they will simply have a better understanding of the cyber security landscape and how to stay protected. This benefits a business in a number of ways:

  • It can be used as a powerful marketing tool. Data breaches are constantly on the rise, and if a business can assure clients of their superior abilities in protecting data, it will be easier to retain current clients and attract new ones.
  • Adhering to the certification provides a clear cut framework for ensuring operational processes are secure. Policies and guidelines become clear, practices are defined and documentation is improved. The result is more efficient and effective processes.
  • Most legal and regulatory compliance requirements fall under the scope of the ISO standard. So if a business or government agency has ISO 27001 certification then customers can be assured it takes compliance seriously.
  • The creation of secure and tested policies and procedures stands an organisation in good stead for ongoing information security. Combined with the yearly audits and re-certification every three years, ISO 27001-certified organisations will be consistently cyber secure, year after year.