Employee Advocacy programs are a great way to boost the professional image of employees and companies alike, when implemented correctly. However, as with any program, there are risks involved if caution is not exercised when choosing your provider.
Security has been largely ignored by Employee Advocacy providers as the market is still new and the risks have yet to materialize. While it is true that the risks are lower compared to many other enterprise software solutions, as much of the content and data in the platforms is meant to be shared externally, there are still some risks that need to be taken into account, especially from a platform point of view.
Security comes first
The biggest risk with an Employee Advocacy program is that employees are asked to connect their social accounts to the platform for sharing and analysis of the results. This means that the platform needs access to post the content that the user asks it to post on their profile, and to read the data from that post. If someone were to gain this access, they could potentially post things on employees' profiles that have not been approved by the employee, causing harm to their reputation and that of the company. Employees need to trust both their employer and the platform provider to connect their personal accounts to the program. This trust must be earned by providing a safe and secure platform for them.
At Smarp we have always taken security seriously. We have a full-time Chief Security Officer who, together with his team, has been focusing on constantly improving both our technical and physical security to make sure that we are able to provide the most secure platform in our industry.
Smarp's Chief of Security Anis Ben Othman and BM Trada Lead Auditor Mārtiņš Šitcs.
ISO-Certified Employee Advocacy provider
As proof of our hard work on security, we are proud to announce that Smarp has just become the first Employee Advocacy provider to earn the ISO 27001 security certificate. The audit and certification process to gain the certificate covers a very extensive range of fields from security policies to operational continuity management, physical security, access management, compliance with legal requirements, in-house processes and backup systems. It gives rise to the regular reassessment of risks and results in constant improvement.
"Information security is a key concern for any organization. Our customers need to be sure that their and their employees' data is secured," says Roope Heinilä, CEO of Smarp. "Achieving ISO 27001 certification highlights our determination to protect our customers' data in an optimal and rigorous manner. Following this process, customers can be even more reassured that their data is protected by security procedures that comply with the best international standards."
The ISO certification confirms the good practices and procedures set up by Smarp in terms of information security and risk management. It further proves the company's commitment to quality and technical excellence and underscores the security of Smarp's own data and that of its clients.
Security should be at the top of anyone's list when choosing an Employee Advocacy provider. While the risks are highly unlikely to materialize, they cannot be ignored, as the risk is not just for the company but also for the employees participating in the program.
ISO 27001 is the strictest international standard in information security management. It enables companies to certify the security practices they adopt within their organisation. The main aspects governed by this standard are information integrity, confidentiality and availability. Find out more about the ISO 27001 Certification.