CIRQ (the Certification Institute for Research Quality), an International Standards Organization (ISO) audit and certification body that is a subsidiary of the Insights Association, has announced that M3 operations in the UK (M3 Global Research, Abingdon), Sweden (QQFS, Göteborg) and India (m360 Research, Bangalore) have been certified to ISO 27001, one of the most widely recognized and internationally accepted information security standards.
The U.S. operations of M3 were the first to certify to ISO 27001 with CIRQ (June 2016), and US, UK, and Swedish divisions are also certified by CIRQ to the ISO 20252 Market Research Standard.
“Pandemic issues required that these audits be done remotely, which they were during the course of an intense two weeks across multiple time zones,” said Juliana Wood, Managing Director of CIRQ, commenting on what was the longest ISO 27001 audit duration to date. “This geographic extension of certification by M3 highlights the company’s commitment to information security on behalf of its growing, international client base.”
ISO 27001 provides a framework for companies to manage their data security. It establishes requirements for information controls to manage people, processes and technology. The standard covers the technological aspects of security as well as corporate security, physical security, etc., and relies on regular risk assessments, enabling a company to consistently identify and treat security threats. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.
M3 Global Research’s CEO Anton Richter added, “We are delighted and proud that CIRQ has recognized our investments in maintaining industry leading standards in information security across M3 Global Research, QQFS, and m360 Research. The award of the ISO 27001 certification evidences our commitment to constant improvement, and meeting, and exceeding, evolving best practices.”
About ISO 27001
ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization. This International Standard can be used by internal and external parties to assess the organization’s ability to meet information security requirements. ISO 27001 can be mapped to other information security schemes such as Hitrust, NIST and Soc2. Compliance with the standard also enables a company to meet global security laws, such as the NIS Directive and the GDPR.
The M3 Group operates in the US, Asia, and Europe with over 6 million physician members globally via its physician websites which include mdlinx.com, m3.com, research.m3.com, doctors.net.uk, medigate.net, medlive.cn, and m3india.in. M3 Inc. is a publicly traded company on the Tokyo Stock Exchange (jp:2413) with subsidiaries in major markets including USA, UK, France, Japan, China, and India. The M3 Group provides services to healthcare and the life science industry. In addition to market research, these services include medical education, ethical drug promotion, clinical development, job recruitment, and clinic appointment services. M3 has offices in Japan, UK, France, Germany, Spain, USA, Sweden, China, South Korea, and India.
A subsidiary of the Insights Association, CIRQ (the Certification Institute for Research Quality) was established to provide assessment and certification services to market research firms seeking certification to ISO 20252:2019 and ISO/IEC 27001:2013. A non-profit entity, CIRQ is committed to providing timely, thorough, and impartial assessments of its customers' research process management or information security management systems in regard to certification to corresponding standards. CIRQ was established in compliance with all ISO requirements for certification bodies that provide auditing and certification services and is accredited by ANSI’s National Accreditation Board. To conform to its mandate of objective and impartial audits to these ISO standards, CIRQ is independently operated and managed under the oversight of an independent Board of Directors and submits to annual moderation by external authorities on ISO certification bodies. For more information on CIRQ’s audit and certification services, please contact Juliana Wood, Managing Director: email@example.com.