Phoenix MI is the 5th US Market Research Firm to achieve this certification!
ISO 27001 establishes information controls to manage people, processes and technology. The standard covers the technological aspects of security, as well as corporate and physical security, and enforces regular risk assessments to help companies identify and treat security threats. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.
To achieve ISO certification, Phoenix MI engaged in an in-depth risk assessment, a comprehensive review of all information security policies and procedures, and internal audits. As a further step in the validation, the company’s information security management system was assessed by a third-party auditor who thoroughly reviewed Phoenix MI’s documentation, practices, and controls.
ABOUT ISO 27001
ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization. This International Standard can be used by internal and external parties to assess the organization’s ability to meet information security requirements. ISO 27001 can be mapped to other information security schemes such as Hitrust, NIST and Soc2. Compliance with the standard also enables a company to meet global security laws, such as the NIS Directive and the GDPR.
A subsidiary of the Insights Association, CIRQ was established to provide assessment and certification services to market research firms seeking certification to ISO 20252, ISO 26362 and ISO 27001. CIRQ, a non-profit entity, is committed to providing timely, thorough, and impartial assessments of its customers’ quality management systems or information security management systems in order to make a determination regarding certification to corresponding standards. All CIRQ auditors for ISO 20252 and 26362 have extensive experience in the market research industry. All ISO 27001 auditors are certified lead auditors and have comprehensive information security credentials. CIRQ has been established in compliance with all ISO requirements for certification bodies that provide auditing and certification services. In order to conform to its mandate of objective and impartial audits to these ISO standards, CIRQ attests to ISO/IEC 17065 Standard for Conformity assessment Requirements for bodies certifying products, processes and services conducted by external authorities on ISO-certification bodies.