Business to business health organisation RehabWorks has achieved certification to ISO/IEC 27001, the information security management system standard from BSI.

ISO 27001 helps businesses identify the risks to their information security and puts in place appropriate controls.

RehabWorks, which employs more than 120 people, began the process late last year and has received a number of scheduled assessment visits at its Bury St Edmunds headquarters site and its other corporate locations in Scotland, Birmingham and London.

Chris Humphries, business systems manager at RehabWorks, said: “Achieving ISO/IEC 27001 is a fantastic acknowledgment of the work we put in as a company to ensuring our IT practices are thoroughly appropriate and secure.

“It was even more reassuring for us to learn through the process that our existing policies and procedures were already meeting a lot of the requirements, in aspects such as client privacy, data transfer and business continuity.

“We have learned a great deal and see certification as a real plus-point when we’re submitting tenders to work with major UK businesses.”

Andy Holdcroft, chief executive of RehabWorks, sees the certification as a vital part of the company’s strategy to ensure client reassurance in terms of data management.

“We are, and always have been, meticulous about how we store or convey client data and how we handle sensitive information, so gaining certification is an important reflection of that,” he said.

“We know customers expect the highest level of security from us and we are confident that is what we are able to provide – whatever the scale of their company.”

Suzanne Fribbins, risk management specialist at BSI, said: “By achieving certification to ISO 27001 RehabWorks has shown it takes securing its customers valuable information assets seriously.

“This is testament to the hard work and dedication that has gone into taking a well thought out approach to keep information security risks under control and, provide the best possible service to its customers.

“ISO 27001 is increasingly becoming a ‘ticket to play’ and an investment that delivers true business benefits. By demonstrating compliance with this standard RehabWorks will be able to provide stakeholders and customers reassurance that their data is protected as well as meet tender requirements.”