Chris Foley is the data operations director at MedSurvey.
Over the past four and a half years, I’ve had the opportunity to manage privacy and security for MedSurvey, a fieldwork operations partner for health care market research agencies and consultancies. Taking data security seriously is woven into our company culture. So, when our CEO, Paul Golota, asked if I’d like to make that official by heading up the process of getting certified for the ISO/IEC 27001 – the global gold standard for information security management – my answer was an unequivocal “yes.”
Now, 2+ years later, I’m proud to report that we’ve successfully achieved ISO certification. While the process was well worth it for us, it was nonetheless a big project involving a major commitment of time and resources. We also ran into some unforeseen challenges along the way.
If your company is considering taking the plunge to get certified, I’d like to share a little about our own thinking behind the decision, as well as some of our biggest lessons learned. I’ll go over our four top reasons for getting certified and five key takeaways that can help you prepare for a smooth certification process.
For us, the decision to get certified for the ISO/IEC 27001 standard came down to four main factors. Here are the biggest advantages, as we see it.
It gives us an official badge of excellence that lets our partners know they can trust us to keep their sensitive data safe. Any company can claim to meet the standards set by their clients, but we can now offer full transparency into our data security process – the standards we meet are crystal clear.
Certification helps our partners win and keep business, which in turn helps us win and keep business. Having independent verification that we meet the highest standard for data security allows us – and our partners – to work with larger and enterprise-level companies, some of which requi...