BUI has earned ISO/IEC 27001:2022 certification in recognition of its commitment to data protection and data privacy.

BUI, an award-winning global technology consultancy and cloud solution provider, today announced that it has earned ISO/IEC 27001:2022 certification in recognition of the strength of its information security management systems and its commitment to data protection and data privacy.

ISO/IEC 27001:2022 is the latest version of the internationally renowned standard for Information Security Management Systems (ISMS) developed by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC 27001:2022 improves on its predecessor – ISO/IEC 27001:2013 – and contains several key updates to promote a holistic approach to information security management in a world where cyber attacks are becoming more frequent, more disruptive and much more costly for businesses everywhere.

A comprehensive review

BUI received its ISO/IEC 27001:2022 certificate after a comprehensive review by the British Standards Institution (BSI). “We’ve always had robust policies and procedures to safeguard sensitive information and customer data,” says BUI Chief Operating Officer Gayle Roseveare, citing the company’s compliance record as well as its existing ISO/IEC 27001:2013 and ISO 22301:2019 credentials and its strict adherence to all applicable data protection laws, including Kenya’s Data Protection Act.

“When the ISO/IEC 27001 standard was revised late last year, we began our preparations to transition from the 2013 version to the 2022 version,” continues Roseveare. “We took the time to interrogate our ISMS and our operational methodologies against the updated ISO/IEC 27001 frameworks. We wanted to measure our internal systems and structures according to the recommendations, guidelines and best practices defined in ISO/IEC 27001:2022. I’m delighted to say that we met, and often exceeded, the requirements for certification.”

BUI Group Governance and Compliance Manager Dhiren Boodhia is equally pleased. “The 2022 modernisation of ISO/IEC 27001 effectively raised the bar for certification – and that’s a good thing. The audit process is a litmus test for excellence in the disciplines of information security, cyber security and privacy protection,” explains Boodhia.

“If you’re awarded the ISO/IEC 27001:2022 badge, it’s because you’ve proven your ability to maintain the confidentiality, privacy and security of sensitive data in line with the stringent principles set out by the ISO and the IEC. Every person here at BUI is committed to the continuous improvement and enhancement of our ISMS – and this certification acknowledges our shared focus,” he says.

A new-look standard for a changing world

One of the most significant changes to the ISO/IEC 27001 standard involved 11 additions to Annex A (the section concerned with information security controls) and Boodhia notes that the revision is a sign of the times. “ISO/IEC 27001 was first published in 2005; updated in 2013; and updated again in 2022. If you consider the recent advancements in cloud technology and artificial intelligence, and the scourge of cyber crime, you can understand why the ISO and the IEC have added in data controls like data leakage prevention, data masking and information deletion,” says Boodhia.

Roseveare concurs. “The digital landscape is broader than ever; the mechanisms in place to protect and defend the data we gather, store and manage have to be broader, too. With this ISO/IEC 27001:2022 certification, we’ve demonstrated that our information security management systems are up to date and fully aligned with accepted industry conventions. We’ve also shown our teams, our partners and, most importantly, our customers that we remain compliant and vigilant as trusted data custodians.”