Information Security and the BizCubed Ways and Values

BizCubed’s Ways and Values

We’ve blogged previously about the BizCubed Ways and Values.  Many companies have versions of this – they may call them values, guiding principles or another phrase.  While many in large organisations struggle to see them as more than “corporate buzzwords”, we rely on them heavily and incorporate them daily.

As we made the decision to embark on ISO27001 certification of our Information Security Management System (ISMS), we consciously considered how it aligned with our Ways and Values.  This is one of the questions we ask ourselves often when introducing something new into our organisation – how does it align with our strategic direction, how does it align with our Ways and Values, and where does it fit in our cadence?

The management team agreed that ISO27001 certification aligns with our BizCubed Ways and Values as follows:

For the initial establishment of our ISMS to obtain ISO27001 certification, the “Teach and Learn” interpretation was the most relevant.  Approaching this from a continual improvement perspective helped it feel more achievable.  Rather than seeing it as a huge undertaking that at times seemed insurmountable, starting from a “here’s what we currently do” basis made it more manageable.  This made it easier to identify where the true gaps were versus what the further enhancements could be.  It helped us focus and prioritise, while reassuring the team that achieving the certification is about more than just having the best system and tools, it’s about committing to the journey of continual improvement.

In terms of maintaining ongoing success of our ISMS, each of the above interpretations of our Ways and Values will contribute an essential aspect.  While we continue to embed the system in the near-term, “Our Solutions Work” will be relied on the most – tracking audit actions, measuring the system’s performance and reviewing information security impacts of internal and business changes.  “Take Responsibility” will be a key theme long-term, allowing us to understand new gaps in established systems, tools and processes, whilst our Openness will help us keeping abreast of new opportunities and vulnerabilities. Each of these values will be essential in delivering Distinct Capability to the market and achieving the ultimate outcome – Delighted Customers.

Alignment with our Ways and Values serves as a great checkpoint as we continue to improve our ISMS and maintain our certification.  We can ask ourselves if our ISMS is serving the intentions identified, and challenge whether the intentions we’ve described are still relevant for ourselves and our customers.