This article is based on an interview with Brian Taylor - the Plus Your Business ‘ISO compliance officer’.
CRM systems like HubSpot help businesses store vast amounts of customer data. However, storing data has real modern-day challenges. Data management can bring with it potential security issues. Matching HubSpot management with ISO 27001 requirements can boost security and improve compliance.
Taking control of your data's security, confidentiality, and integrity is critical. For example, a Cyber Security Breaches Survey found that 50% of businesses had a cyber breach last year. Accessing a higher level of security can make a real difference. It can prevent financial issues and potential legal problems.
This article discusses ten ways to secure your information assets. Work through each item to establish best practices in your organisation.
When it comes to information, always consider its confidentiality, integrity, and availability. These three areas are the CIA Triad, a guiding model in information security. Your security strategy should make every effort to minimise threats to these areas.
It is a guiding model in information security. Your security strategy should make every effort to minimise threats to these areas. Follow these three points above to boost your data security.
Safeguarding customer data in your organisation should be a priority. You can use an access control system to ensure only authorised personnel can access data. You can do this by categorising the information into various levels. For example, you could separate the data into public, restricted, sensitive or confidential.
You can set up access to HubSpot CRM data on the principle of least privilege. When you do this, people can only access what they need to perform their role. Also, check that only authorised personnel can access any sensitive information. Your company must make a point of reviewing and updating this access.
Another best practice to improve data security is configuring user authentication methods in HubSpot. Taking the time to do this will make your security as robust as possible. There are three ways to do this on HubSpot:
As the name suggests, SSO allows users to sign in once to access all their applications and services. This article explains how to set up SSO in HubSpot. Additionally, remember to update the HubSpot platform itself to protect against vulnerabilities.
For ISO 27001, you must identify and assess risks to your CRM data. This tracking also applies to third-party vendors who have access to your data. You are responsible for ensuring they follow security policies and ISO 27001. You can use HubSpot to:
Automation is critical if you work with many third-party vendors. HubSpot can help you stay on top of them all and ensure compliance. You can find out more about GDPR compliance in HubSpot here.
Legislation can change, but you can use HubSpot to manage and track information about ISO 27001 requirements. Here are a list of some of the things you can do inside HubSpot to help you:
A business continuity plan can help you stay on track if a crisis hits your company. It outlines the directions and procedures your company should follow. Such a plan ensures your business operations continue during the crisis. Once you have created the plan, you can set things up in HubSpot to help you:
You should establish a designated person or team to monitor security updates and patches in HubSpot. You can access these security updates in HubSpot’s Trust Centre. Your designated person or team will also be able to access necessary documents and reports to ensure your HubSpot platform is secure.
Your organisation must report every security incident. Not only is this the law, but it can also help to improve your data security processes. Create a comprehensive information security policy that outlines how your company manages data security. Don’t forget to check that this aligns with ISO 27001 requirements.
Here is a ten-step process to help you set up an incident management system in HubSpot:
Step 1
Review the specific clauses of ISO 27001 related to incident management - particularly Annex A.16 (Information Security Incident Management)
Step 2
Define an incident management process, establish your incident response policy and procedures, and define your roles and responsibilities.
Step 3
Set up customer properties in HubSpot to capture all the incident details, such as the type of incident, severity, status, date it happened and date reported.
Step 4
Create incident record types in HubSpot. Use custom objects or the ticketing system to manage incidents.
Step 5
Create incident management workflows to automate your incident tracking and escalation process.
Step 6
Report and log your incidents via incident reporting forms that your employees and stakeholders can use.
Step 7
Set up automated notifications in HubSpot so the relevant employees know when an incident occurs.
Step 8
Create an incident response and resolution system. You can also assign certain individuals to handle this.
Step 9
Conduct post-incident reviews to assess the cause and impact of the incident. Store the reports in HubSpot for audit and compliance purposes.
Step 10
Review and update the incident management process. You can also use HubSpot reports to check for incident trends and response times.
Internal and external audits are crucial to maintaining and improving compliance with ISO 27001. Internal audits can help you identify and mitigate risks and prepare your business for external regulators' audits. Externally, stakeholders can have confidence that your business is fully compliant. You can use HubSpot to help you by:
Once you have conducted audits, you can generate reports for HubSpot. These reports can help you to check audit progress and findings. The reports can help you identify and address any gaps and take action to improve things. You can also customise dashboards to monitor key metrics related to ISO 27001 compliance.
Encrypting your data is imperative, with so much of it flying around. You must encrypt your data when it is at rest and in transit. Encrypted data stops people from changing, compromising or stealing data. It scrambles the data into a secret code, and only a unique digital key can unlock it.
Thankfully, HubSpot automatically encrypts data. All communications between a web client and HubSpot servers are protected using TLS (1.0, 1.1, 1.2) protocol encryption using 2048-bit keys. You can find more information here. HubSpot servers also use state-of-the-art storage infrastructure to prevent data loss for data at rest.
ISO 27001 requirements are strict. Paying attention to its control categories can help you boost your data security. Work through the ten areas above and leverage HubSpot to its full potential. It will help you safeguard your CRM data and meet ISO 27001 requirements.
Want to learn how HubSpot can help you? Contact me here, and I’ll be happy to discuss your needs. You can also email me at martin@plusyourbusiness.com.
If you’d like to learn more about ISO certification for your business, then please contact brian@isoguy.com (PYB ISO compliance manager).