Congratulations are in order for the specialist healthcare app that recently achieved ISO 27001 certification on the first attempt using ISMS.online. Will you join them?
We’re absolutely delighted to announce specialist healthcare app Peppy has demonstrated its continuing commitment to the security of its users and supply chain relationships through certification to ISO 27001.
Like other forward-thinking operators with responsibility for large amounts of personal data, Peppy recognises the growing risks facing the healthcare industry and has acted to reduce the likelihood of costly data breaches. Peppy’s certification assures the users who rely on the app to access specialist support and resources specific to major life transitions (like menopause, fertility and parenthood) that their data is in safe hands.
Here’s what Peppy co-founder, Evan Harris, had to say:
“The success of our app relies on users having absolute confidence that their personal and professional information is being optimally handled throughout their Peppy experience. By modeling our information security management system on the ISO 27001 standards – and evidencing that commitment through certification – we are best positioned to deliver the highest possible level of security for our users and partners.”
Achieving ISO 27001 certification requires the development and maintenance of an information security management system (ISMS), and we’re glad Peppy saw our simple but powerful platform as the natural choice for building theirs. We’re already helping healthcare industry stakeholders, from the NHS to niche startups, ensure their operations and innovations remain responsible and secure.
Our founder Mark is passionate about protecting and growing organisations, so he was typically enthusiastic upon hearing the news of Peppy’s certification.
“We’re delighted that Peppy has become certified using our platform and look forward to continuing this relationship through the entire recertification lifecycle and beyond. We view ISO 27001 certification as one way to vaccinate against the increasing threats within the health sector so it’s great that we’re seeing growing interest in our platform from organisations across the health spectrum. A live, flexible, joined-up ISMS really is the only way to ensure your business can stay ahead of risk in the current climate.”
Globally, the healthcare industry is one of the most heavily targeted. It’s also officially the most impacted financially when an information breach occurs. The 2020 IBM Cost of Data Breach Report notes the average healthcare data breach costs $7.13 million and takes 329 days to contain. That’s the highest and longest of any sector.
Why such rich pickings? It’s a combination of things that makes the health industry fertile ground for hackers and their increasingly sophisticated methods. Firstly, the healthcare landscape is one of the most commercially competitive in the world and this is reflected in the value of the intellectual property. Plus, there are increasing levels of personally identifiable information being collected and handled, whether by traditional methods or more modern technologies like wearable tech. Finally, overlay these practices with an industry accelerating in response to Covid-19 – where it can be tempting to cut security corners in the race to positive outcomes – and you’ve got a prescription for unacceptable risk.
That’s why demonstrating a good information security posture with ISO 27001 certification is a must-have for retaining customers and winning new business in the health sector. Your supply chain needs to know that you’re as committed to information security as they are. Certainly, our customers are telling us ISO 27001 is increasingly becoming a baseline for tender responses within NHS trusts.
Speaking of NHS requirements, in addition to achieving ISO 27001 certification, our users can also use ISMS.online to manage and demonstrate compliance with the Data Security and Protection Toolkit (DSPT). The DSPT is an online self-assessment tool that allows you to measure your performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they’re practising good data security and that personal information is handled correctly. As with ISO 27001 certification, being able to easily manage and evidence compliance with the toolkit can give you a competitive advantage.
If you’d like to follow in Peppy’s footsteps with ISO 27001 certification – or you’re simply interested in a joined-up ISMS that you can build and maintain in the cloud – get in touch. We’re here to help.