A Gloucestershire company has gained gained full ISO 27001 accreditation, an internationally acknowledged certification, considered the industry's highest benchmark for information security.

With GDPR due to come into force next May, data security is a big issue nationally and in the Gloucestershire business community.

Cheltenham-based TechOp Solutions was awarded the certification after a thorough external audit deemed its internal security management system to be up to the high standards of ISO 27001. The auditors tested not just the physical security of the data, such as where files are stored and behind what firewalls they reside, but also the wider security culture amongst the staff, such as keycode access security doors and passwords.

Sam Wilson, Director of TechOp Solutions, said: "Although ISO 27001 is not essential, we actively sought the certification to not just ensure that we are holding ourselves to the highest standard, but also to show our clients that we can be trusted with their private information. Cyber security is important to our business in so many ways, be it ensuring any information from our software contracts with the Department of Justice remain confidential, or actively providing cyber security consultancy to local SMEs, it is important that we lead by example. You wouldn't trust an IT company with poor security, just as you wouldn't trust a dentist with bad teeth, so being officially accredited to such a gold standard is a huge honour, and one that we're very proud of."

Although ISO 27001 isn't officially linked to the impending law, the principles of good cyber security required for this certification will go a long way to satisfying the requirements of the new regulations.

Simon Leonard, Commercial Director at TechOp said "We often tell our clients that due to the increased sophistication and ease of use of modern malware, cyber security incidents are increasingly becoming a matter of not if, but when, and one thing that impressed us about ISO 27001 is that it also focused on our plans for how we would handle a data breach. Having ISO 27001 doesn't make us bulletproof, there's no such thing as a company that has no risks, but what the auditor was looking for is evidence that we frequently look for risks, and plan for how they would affect our business."