Wednesday 23 September 2020
Select a region

Recruitment company achieves data security certification after breach

Recruitment company achieves data security certification after breach

Tuesday 11 February 2020

Recruitment company achieves data security certification after breach

A local recruitment company has achieved the international standard for information security management, after being targeted by “hostile” hackers who stole private information about family members, ID details and travel itineraries.

CSS Limited received confirmation of their certification to ISO 27001 after a two-day audit conducted by an independent external auditor, on behalf of the British Assessment Bureau.

During the audit, CSS staff had to demonstrate and provide evidence that they met the international standard on how to deal with all aspects of Information security within the organisation, combining both, physical, intellectual and electronic security on various levels and platforms.

“This was a very intense audit, much harder than 9001,14001 and 45001 audits," Elaine Feltham, CSS’ Data Protection Advisor, commented. "It was a great relief and privilege to receive certification, and I cannot praise our team enough for all their hard work and commitment."

“Being the only offshore recruitment company known to achieve ISO 27001 certification and indeed all 4 ISO standard, has given the company great kudos," Christopher Inns, Operations Director, added. "It’s been a long, learning curve to get here and without the support of our IT provider and amazing employees, we would never have received certification."

The news of CSS' certification comes after Jersey’s Data Protection Authority revealed they had suffered three data breaches across 2018 and 2019

One of the breaches involved a system shutdown in August 2018 when CSS was attacked by the GandCrab virus.

The most serious incident came in November 2018 when the company’s systems were infiltrated by a “hostile third party”, which led to a “loss of information about data subjects including identity information, travel itineraries, family information and employment documentation” – information that could be used to facilitate identity theft. 

Sign up to newsletter



Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.

Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.

There are no comments for this article.

To place a comment please login

You have landed on the Bailiwick Express website, however it appears you are based in . Would you like to stay on the site, or visit the site?