Data security is becoming an increasingly essential aspect of construction. Central to planning and design, right through to handover, construction revolves around data security and integrity.
So, it’s reassuring to learn that Zutec has been awarded ISO 27001 certification.
What is ISO 27001?
ISO 27001 is the global standard for managing risks associated with data and information. To qualify for ISO 27001 certification, companies must demonstrate that their information security management systems (ISMS) effectively mitigate the risks of things like cyber-attacks, data leaks and theft.
Quite simply, this means that you can trust ISO certified companies (such as Zutec) and their personnel to handle data on your behalf.
Why worry about data security?
Any organisation that handles large amounts of data for other companies should be implementing ISMS to ensure that the data they hold is secure. If their systems and internal processes are adequate, you would expect them to hold ISO 27001 certification to illustrate their competence.
But why worry?
Winning business
For a start, many strategic or governmental projects mandate that your data management systems are ISO 27001 certified. If they are not, you might be blowing your chances at landing these kinds of lucrative projects.
But its not just business opportunities you should be thinking about.
Data protection and privacy
If your company operates within the EU, you’ll already be aware of GDPR (General Data Protection Regulation). The EU’s GDPR stipulates that any organisation, whatever its size, has a legal obligation to protect any personal data they hold. GDPR has been described as ‘the strictest data privacy law in the world’, as evidenced by the fines for non-compliance.
Serious infringements can be met with fines of up to €20m or 4% of the previous year’s revenue. And data protection is not unique to the EU. In Australia, serious infringements of The Privacy Act (1988) can result in fines of up to $2.1m, while in the US, a complicated mosaic of state and federal laws dictate how personal data must be handled.
Using an ISO 27001 certified company to manage your construction data protects your company, your assets, your shareholders and directors from the potentially lethal costs of data breaches.
Ransomware attacks
So, data security can be important in securing project contracts – and vital for legal compliance – but there’s more. With increasing frequency, construction is being targeted by hackers.
Things like client databases, blueprints and intellectual property rights hold tremendous value and are all vulnerable from a data security perspective.
Canadian company, Bird Construction, French giant Bouygues Construction, and US firm EMCOR Group have all been subjected to ransomware attacks in the last 18 months.
Such attacks can cripple companies of all sizes. According to a report by Osterman Research, 22% of businesses with less than 1,000 employees that experienced a ransomware attack in the last year had to stop business operations immediately, with 15% losing revenue.
Are you protected?
Reading this, you might assume that any construction management software company would implement ISMS and proudly hold ISO 27001 certification. It seems like a no-brainer.
Surprisingly, that’s not the case.
Many of the systems on the market rely upon their hosting companies to implement ISMS and as such, fall short of data security compliance.
Our advice? Check whether your data management supplier holds ISO 27001 certification. If they don’t, move over to a platform that does.
Choose Zutec
Zutec are the experts in construction management systems. With Zutec modules, you not only streamline your processes and save money, you also get the peace of mind that your data (or more accurately, other people’s data that you are handling) is secure.
Protect yourself, protect your project data.