Castlight Achieves ISO-27001 Accreditation

A huge congratulations to Murdo Thomson, our Chief Information Security Officer, and his team, who have secured ISO-27001 accreditation for Castlight.

ISO-27001 is the only audited international standard that defines the requirements of a robust information management system. And securing the standard demonstrates that an organisation has defined and put in place best-practice information security processes.

Key Strength

We knew our information security was one of our company’s key strengths, but we wanted to challenge ourselves. So we volunteered to put ourselves through the wringer and have the robustness of all our policies, procedures and processes tested and squeezed.

And after three months of Murdo checking every aspect of our information security systems against the requirements of ISO-27001 and two days of rigorous examination – we passed! And we are now proud to be just one of a handful of fintech companies in the UK who have achieved the standard.

Data Safeguard

Our clients entrust their data to us and it has always been part of the DNA of our business practice and processes that we respect and safeguard that data. We invested a significant amount of time and energy to achieve the ISO-27001 standard because we felt strongly that our customers deserved it. We believe that we owe it to them to provide not only our assurances that their data was safe, but also validation from an internationally recognised standards authority.

I think Murdo would agree that the ISO-27001 journey has been hard work but hugely rewarding. From where I sit, in addition to the satisfaction of having our information security processes and practices externally endorsed, I feel that ISO-27001 has given us a new appreciation that information security is not just the responsibility of Murdo’s department. It’s embedded in everything we do, every relationship across our different departments and every dealing with every customer.

Heart Of Our Value System

But perhaps most importantly, ISO-27001 has made us more aware that information security is at the very heart of our value system, that it’s part of the ethical way we strive to do things at Castlight.

The ISO-27001 auditors couldn’t test us on our values. But I hope they sensed what was close to our hearts when they were with us.