ISO 27001 - Interview with our Information Security Officer, Jayne Mitchell

What is an ISO 27001 Certification?

ISO/IEC 27001:2013 (also known as ISO 27001) is the international standard for information security. It sets out the specification for an Information Security Management System (ISMS) and has worldwide recognition. The standard’s best-practice approach helps organisations manage their information security by addressing people, processes, and technology.

When did we embark on the ISO journey?

Our CEO, managers and Information Security Officer began the journey to acquire ISO 27001 certification in May 2018.

What prompted us?

During conversations with our customers, prospects and integration partners, the importance of ISO 27001 became apparent. We were doubly motivated, as the future-proofing of technology has always been at the forefront of our product development strategy. Having the ISO 27001 certification also offered a simpler route for ourselves and potential customers when it came to requests for proposals, as we were able to skip 180-200 information security questions, saving us and our potential customers time in the procurement process.

How long did it take?

At MoveAssist we were eager to attain the credentials as quickly as possible. We began the process of gaining the accreditation in May 2018. We booked our Stage 1 assessment in November 2018, which was swiftly followed by the Stage 2 assessment in December 2018. We were delighted to formally receive our ISO 27001 certification on the 21st February 2019, after a total period of 10 months from start to finish.

Why is the ISO 27001 relevant to us?

ISO 27001 is relevant to any global mobility technology solution because of its inherent need to capture personal information, such as salaries, passport details and much other personal information relating to employees and their families. To our clients, the certification provides demonstrable assurance regarding the security of information. To us, as a company, it assists with our future growth, ensuring we are always a few steps ahead and our solutions exceed market expectations.
There are many ISO standards. An example of other popular standards is:

What did we learn from it?

By pursuing the certification, we learned a lot along the way. Most notably we were given the opportunity to properly reflect on our internal practices and processes. With this reflection and the ISO 27001 guidance we were able to learn how we could best improve our internal governance.

How has it helped us?

First of all, peace of mind, knowing that our processes and products are meeting the highest security standards. By undertaking this investment, it also shows that we are actively investing in our fantastic people, our products and our processes. To our customers it provides a seal of approval by way of an independent expert assessment assuring that their data is adequately protected. When we first contemplated getting the certification, we could not have foreseen how lucky we were to have it completed well before the COVID-19 pandemic. Cyber-attacks have grown in intensity and strength over the course of the COVID-19 pandemic due to the steep increase in remote work practices. Remote working is covered within the ISO 27001 framework so you can be confident the same strict security measures apply.

What was the biggest challenge?

The biggest mountain we had to move to meet ISO standards was our tight timeframe which we had set ourselves 😉. We planned to be ready for audit within six months, which we proudly achieved!

What are the main steps to obtain an ISO 27001 Certification?

  1. Securing management commitment and budget
  2. Identifying interested parties and legal, regulatory, and contractual requirements
  3. Conducting a risk assessment
  4. Reviewing and implementing the required controls
  5. Developing internal competence to manage the project
  6. Developing the appropriate documentation
  7. Conducting staff awareness training
  8. Reporting (e.g., the Statement of Applicability and risk treatment plan)
  9. Continually measuring, monitoring, reviewing, and auditing the ISMS
  10. Implementing the necessary corrective and preventive actions

How long is our certification valid?

Once certified you cannot sit back and relax. It’s about always being a step ahead. We continue to be audited annually by BSI (The British Standards Institute).

Neanderthals and Expats

In my last blog, I mentioned that Neanderthals would be my next theme. If you are wondering how this relates to global mobility, read on!

This post is inspired by Daniel Kahneman, Nobel Prize winner in Economic Sciences and author of Thinking Fast and Slow. He explains the human brain in terms of System 1, the fast, instinctive and emotional brain, and System 2, the slow, rational centre where complex reasoning takes place. Buried deep in our brains sits the amygdala, the epicentre of System 1, responsible for fight and flight - it represents our survival instincts and is the oldest part of the human brain (hence Neanderthals, which is a little catchier than homo erectus) - it is activated by fear. System 2 is the prefrontal cortex, located behind our foreheads. Over time System 2 has evolved and has essentially differentiated the human species from other animals - it allows us to do algebra, to hypothesise, reflect, imagine... But System 1 quite literally kept us alive, so both are necessary. More importantly, when one fires up, the other slows down. It’s a zero-sum game.

So how does this relate to global mobility? Reading this book very much made the connection in my mind that it is fear that lights up system 1; a strange animal seen by a Neanderthal would be presumed dangerous. Groups are necessary for us to feel safe. These instincts still exist in our brains today, albeit to a lesser extent but they are at the heart of ‘exclusive’ behaviour. Anyone or anything that looks, sounds, or acts differently can fire up a part of our brains alerting us to danger. It takes a strong system 2 to actively seek out people who are different from ourselves and that is what society and organisations are promoting - to draw a blunt and simplistic conclusion, the key to diversity is to minimise fear, create safe environments for our employees to express and be themselves, to invite differences and challenge. In organisations, this can take many forms but international experiences, or working with different cultures is an excellent starting point.

Highly recommended reading: Thinking Fast and Slow by Daniel Kahneman, as well as Sapiens, A Brief History of Mankind by Yuval Noah Harari and, if you prefer a fictional novel, Lord of the Flies by William Golding.

The Key to Diversity & Inclusion is Across The Hallway

Inspired by an article published last Sunday in The Guardian it dawned on me that Diversity & Inclusion (D&I) could be barking up the wrong tree and Global Mobility may be missing a trick. Together they could go a long way to delivering on your company’s D&I agenda. For global mobility, it’s an opportunity to take a seat at the top table and more importantly, take a new direction providing purpose and social impact way beyond your professional remit.

The gist of the article, backed by sound research, confirms the belief that teaching our employees about diversity, biases and discrimination is often ineffective, particularly when delivered as a standalone ‘classroom’ training. These courses are not bad, they may raise awareness of our own biases, but they do not deliver long-lasting behavioural change that is necessary for societal progress or to impact your corporate D&I goals.

So how does global mobility feature in this conundrum? Living and working in foreign cultures can and often does cause a permanent rewiring of our brains - that is, we develop new thinking patterns and new problem-solving skills. When faced with working in multicultural teams and having to deliver results, it soon becomes clear that we need to find common ground, we must listen to understand rather than judge, we must look out for non-verbal cues - it requires us to decode a set of unwritten rules that have evolved over millennia. At the top end of the spectrum we not only respect these differences, we positively celebrate them. This is the very essence of inclusivity. This is why foreign assignments are an important and effective tool for D&I; these experiences help us develop cultural intelligence, which over time permeates all our relationships and helps us view the world through a more inclusive and curious lens. Of course, each individual is different and there must be willingness, but as a general rule the more exposure and the earlier in life, the better. It’s an option available to the wider workforce since multicultural teamwork does not require us to physically move. It is also an excellent opportunity to promote virtual assignments.

At a time when we are challenged by right-wing nationalism, by a pandemic that is making our worlds smaller, when global mobility is facing an existential crisis, it’s worth a chat with your colleagues across the (virtual) hallway. Together you really could go a long way to build a culture of inclusion, tolerance and understanding.

References: What unconscious bias training gets wrong… and how to fix it by David Robson. Published in the Observer, April 25 2021

Lump Sums & Flowers

It’s not an attractive term, let’s be honest. Lumps are generally something we try to get rid of. But lump sums are increasingly popular in global mobility. My personal experiences of these cash allowances as an expat and a trailing spouse, tell a story and perhaps a lesson or two.

I do not remember any specific amounts or values from the various lump sums I received; this is not surprising given the time that has elapsed. However, I do recall that the cost of curtains to fit a family home in Montreal exceeded our whole allowance, which according to the policy was intended to cover all kinds of incidental costs. Similarly, my cousin blew her entire allowance on relocating her dog to New Zealand (Pet allowance blog to follow). Whilst the amounts have faded with time, the emotions and feelings are still remarkably vivid.

These often well-rounded and mysterious figures sound attractive and generous at the outset, and in the excitement of the move they are rarely challenged. At this point, you are also consumed by an out-of-control ‘to-do’ list and have no time. The funds instantly disappear into your current (checking) account whilst unimaginable hidden costs continue to pop up like a bad rash, each one feeling like a blow. Although I hold no grudges, the feelings associated with these experiences stubbornly remain and are inextricably linked to my ex-employer's brand.

On the other hand, decades later I remember the flowers left on the kitchen table by our relocation agent; I remember the wonderful moving crew who engaged with my 5-year-old daughter and packed her favourite toys in a box marked ‘Sophie - special’ to be offloaded first; I also remember my father’s assistant who welcomed us to the new office/country and showed my 6-year-old self around the office holding my hand. These moments are priceless and cost little, yet get little or no attention in policies or RFPs. There are many wonderful global mobility providers who offer this level of detail. My wish for 2021 is that clients shift their focus to ensure these personal touches are delivered, whether by the employer or the sub-contractor. The shift from short term cost to long term value is long overdue in our industry. In other words, pay as much or more attention to talent retention as to recruitment. After all, a lifelong brand Ambassador has to be worth something.

If you do use lump sums, my advice is to know exactly what they are meant to cover or supplement and communicate it clearly. If something is not covered but commonly requested, state this explicitly upfront. Most employees get over it and appreciate the transparency. Oh, and another thing, how about rebranding to a more palatable name. Any ideas?

P.S. I am playing devil’s advocate; lump sums do have a place in talent mobility 😉

Bad Habits and Lazy Recruitment - Where is Global Mobility heading?

“Life will return to normal”, a thought now mostly abandoned, except by a handful of die-hard optimists. I have to confess, however, that I hope it will not, which may sound strange given my passion for global mobility, travel and all things foreign. Let me rewind for a moment near the beginning of the first lockdown.

I recently met a lady for a charity dog walk and instead of the usual blank look at the mention of global mobility, she immediately responded with “how very unfortunate”. My ego was bruised but I recovered quickly and reluctantly admitted this was a perfectly reasonable conclusion given the current pandemic. After all, in terms of physical displacements, Covid-19 has pretty much brought the world to a standstill.

The conversation made me reflect on how global mobility will evolve and I embarked on a lively debate with myself: what purpose does it serve? Could less be more? - after all, too much jetting around the world is not good for our health, our wallets or the planet.

Here are some highlights and crystal ball predictions that ensued from those reflections:

  1. For years to come we will travel less. People and organisations will think much harder before jumping on a plane. I predict a greater and longer-lasting impact on business travel. Tourism is more likely to (eventually) resume to pre-pandemic levels.
  2. Long term assignments will be more selective - let’s be honest, some of these roles could/should be performed by local talent. This is an opportunity for GM to collaborate strategically with our talent development and acquisition teams. Business travel will also reduce, perhaps drastically.
  3. Remote/virtual assignments will increase - for companies to be successful on a global scale, this means developing awareness in softer skills such as emotional intelligence and cross-cultural skills, as well as remote leadership training. This is a skill set all individuals working with international colleagues would benefit from. It can be the make or break of a project or deal.

Many of these predictions are now backed up by solid data from insightful surveys, which is reassuring, but it doesn’t really tell us what global mobility should be doing now.

Each organisation is unique, and the fundamental question has to be what purpose global mobility serves. Does it further our business strategy or does it serve as a ‘stay out of jail’ function? Despite the talk, few organisations have made radical changes, for the good reason that GM allows us few moments to come up for air. For once, we don’t have to change the oil at 10,000 metres; we have momentarily landed and can dismantle the pieces of the airplane to have a proper look. The pandemic gives us that opportunity, a rarely afforded luxury in global mobility. Are you ready for some deep, radical thinking and to challenge your very identity?

As a first step, it means understanding our organisations well and getting much closer to our business leaders. Rather than our current ‘disaster prevention’ function, can we add more value to our organisations? If I were to redefine the function I would call it ‘global growth’ - it’s about growing the business, growing the talent, growing the mindset and that impacts much more than just the bottom line. That is a mission not a function.

Many of us fundamentally believe that international experience is a good thing yet we know that there are downsides to our health, to the world at large. So, how do we square this circle? Can we have our cake and eat it? I have plenty of ideas and will be sharing them on this blog (cue, follow us here).
If anyone out there is reading this 😉 let me know what you think. What would you re-name global mobility? Are you ready for a new identity?

Expat Academy Bite-Size Briefing

As a training partner of the Expat Academy, MoveAssist is looking forward to attending the next bite-size briefing in London on the 3rd December to hear about the latest trends and industry insights from fellow training partners. We look forward to seeing you there!

Worldwide ERC® Global Workforce Symposium

MoveAssist had a great time at the Worldwide ERC® Global Workforce Symposium where we met up with lots of new faces as well as plenty of old friends, clients and colleagues. A big thank you to everyone that came to join us for Robby’s thought-provoking presentation in the Innovation Lab showcasing how mai-assignment can provide a different approach to Global Mobility technology.

mai-assignment Version 2 released!

The latest version of our Assignment Management system, mai-assignment, will be released in October 2019 and will feature a completely new look and feel as well as extensive security features.

FEM EMEA Summit

MoveAssist will be exhibiting at the FEM EMEA Summit this November. 

Last year's event was very successful for us and we hope to build on this at this year's Summit. 

More information to follow. 
