Information Security and the BizCubed Ways and Values

by Rebecca Zeus
July 28, 2022

BizCubed's Ways and Values Graphic

BizCubed’s Ways and Values

We’ve blogged previously about the BizCubed Ways and Values.  Many companies have versions of this – they may call them values, guiding principles or another phrase.  While many in large organisations struggle to see them as more than “corporate buzzwords”, we rely on them heavily and incorporate them daily.

As we made the decision to embark on ISO27001 certification of our Information Security Management System (ISMS), we consciously considered how it aligned with our Ways and Values.  This is one of the questions we ask ourselves often when introducing something new into our organisation – how does it align with our strategic direction, how does it align with our Ways and Values, and where does it fit in our cadence?

The management team agreed that ISO27001 certification aligns with our BizCubed Ways and Values as follows:

For the initial establishment of our ISMS to obtain ISO27001 certification, the “Teach and Learn” interpretation was the most relevant.  Approaching this from a continual improvement perspective helped it feel more achievable.  Rather than seeing it as a huge undertaking that at times seemed insurmountable, starting from a “here’s what we currently do” basis made it more manageable.  This made it easier to identify where the true gaps were versus what the further enhancements could be.  It helped us focus and prioritise, while reassuring the team that achieving the certification is about more than just having the best system and tools, it’s about committing to the journey of continual improvement.

In terms of maintaining ongoing success of our ISMS, each of the above interpretations of our Ways and Values will contribute an essential aspect.  While we continue to embed the system in the near-term, “Our Solutions Work” will be relied on the most – tracking audit actions, measuring the system’s performance and reviewing information security impacts of internal and business changes.  “Take Responsibility” will be a key theme long-term, allowing us to understand new gaps in established systems, tools and processes, whilst our Openness will help us keeping abreast of new opportunities and vulnerabilities. Each of these values will be essential in delivering Distinct Capability to the market and achieving the ultimate outcome – Delighted Customers.

Alignment with our Ways and Values serves as a great checkpoint as we continue to improve our ISMS and maintain our certification.  We can ask ourselves if our ISMS is serving the intentions identified, and challenge whether the intentions we’ve described are still relevant for ourselves and our customers.

About the Author

Rebecca Zeus is Co-Owner and Enablement Manager at BizCubed. A chemical engineer by training and a Lean Six Sigma Blackbelt, she has built a reputation as an expert in process design and implementation. Most recently, she led a company-wide initiative to formalise and certify BizCubed’s Information Security Managment System. She is also a mother of four, a school volunteer, a non-profit board member, and a crafting-enthusiast.

More blog posts

BizCubed’s Journey to ISO27001 Certification

A year ago, we blogged about Data Security as a Practice. Since then, we have continued the practices we talked about there, integrating it even further into our daily practice, and incorporating new processes and aspects into our existing cadence.

read more

Building a New Habit is HARD!

 “Building business logic is a low priority, from my perspective.” This was what my CEO said to me as I shared with him my priorities for the week. The funny part? I work for a data engineering firm...

read more