Specialist healthcare app Peppy today announced its successful certification against the internationally recognised information security standard ISO 27001. The standard is regarded worldwide as the gold standard of infosec compliance, and achieving certification demonstrates Peppy’s continuing commitment to the security of its users and supply chain relationships. Recognising the extent of privacy risks experienced by health apps*, Peppy turned to cloud SaaS ISMS.online due to the platform’s success helping similar organisations in the health industry achieve and maintain ISO 27001 compliance.
The Peppy app provides access to specialist healthcare and wellbeing support delivered by expert practitioners via a user’s smartphone. Primarily designed to support parents returning to work, Peppy’s service model exists at the intersection of health and human resources and provides support mechanisms for both employers and employees.
Peppy co-founder, Evan Harris, said, “The success of our app relies on users having absolute confidence that their personal and professional information is being optimally handled throughout their Peppy experience. By modeling our information security management system on the ISO 27001 standards – and evidencing that commitment through certification – we are best positioned to deliver the highest possible level of security for our users and partners.”
Achieving ISO 27001 certification requires the development and maintenance of an information security management system (ISMS). When deciding on a solution to develop its ISMS, Peppy determined that cloud SaaS ISMS.online was a natural choice. The simple but powerful platform was already helping healthcare industry stakeholders, from the NHS to niche startups, ensure their operations and innovations remain responsible and secure.
ISMS.online founder, Mark Darby, said, “We’re delighted that Peppy has become certified using our platform and look forward to continuing this relationship through the entire re-certification lifecycle and beyond. We view ISO 27001 certification as one way to vaccinate against the increasing threats within the health sector so it’s great that we’re seeing growing interest in our platform from organisations across the health spectrum. A live, flexible, joined-up ISMS really is the only way to ensure your business can stay ahead of risk in the current climate.”
Darby continued, “Globally, the healthcare industry is one of the most heavily targeted. It’s also officially the most impacted financially when an information breach occurs – with the average breach costing $7.13 million (USD)**. The combination of high-value intellectual property and increasing levels of personally identifiable information at stake makes the health industry fertile ground for hackers and their increasingly sophisticated methods. That’s why demonstrating a good information security posture with ISO 27001 certification is a must-have for retaining customers and winning new business in the health sector.”
In addition to achieving ISO 27001 certification, users of the ISMS.online platform can also use it to manage and demonstrate compliance with the Data Security and Protection Toolkit (DSPT). The DSPT is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they’re practising good data security and that personal information is handled correctly. Just as with ISO 27001 certification, organisations can gain a competitive advantage by being able to easily manage and evidence their compliance with the toolkit.
*BMJ via BBC
**IBM 2020 annual Cost of a Data Breach report