CIRQ (the Certification Institute for Research Quality), an International Standards Organization (ISO) audit and certification body that is a subsidiary of the Insights Association, has awarded certification to Burke, Inc. for compliance with the new ISO/IEC 27001:2022, a widely recognized and internationally accepted information security standard.
ISO/IEC 27001:2022 is an update to the 2013 version of the ISO 27001 standard, which will not be accepted for certification after Spring 2024. In May, CIRQ became one of the first bodies accredited by the American National Standards Institute (ANSI)’s National Accreditation Board (ANAB) to issue ANAB-accredited ISO/IEC 27001:2022 certificates.
The updated 27001:2022 standard establishes new control areas and more specific requirements for such activities as:
• Threat intelligence
• Information security for use of cloud services (processes for acquisition, use, management, and exit)
• Web filtering (access to external websites managed to reduce exposure to malicious content)
• Secure coding
Regarding “threat intelligence”, the new standard requires organizations to gather and analyze information about threats, so that they may continually be prepared to take action and mitigate risk.
“All companies certified to the previous standard – ISO 27001:2013 – must now transition to the updated ISO 27001:2022 framework,” explained Juliana Wood, Managing Director of CIRQ. “Burke wasted no time in moving ahead with certifying to the new standard. They are among – if not the very first – company in the market research sector to achieve this distinction.”
“We are pleased to be one of the first marketing research and insights firms to be certified to the ISO 27001:2022 standard through CIRQ,” said Mike Webster, Burke’s Chief Technology Officer. “This achievement further highlights Burke’s dedication to information security and ensures that the processes, systems, and controls we have in place are in line with ISO standards to protect the confidentiality and integrity of the data we collect.”
ISO 27001 provides a framework for companies to manage their data security. It establishes requirements for information controls to manage people, processes, and technology. The standard covers the technological aspects of security as well as corporate security, physical security, etc., and relies on regular risk assessments that enable a company to consistently identify and treat security threats. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.