What it is, what it means, and what it tells clients
We are extremely pleased and excited to announce that we have recently become certified to ISO 27001:2014. Developed by the top information security experts in the world, the standard provides for the regulation of information security management within companies, ensuring that data is kept both protected and available.
It does so by formally specifying a system of controls, known as the Information Security Management System (ISMS), that mandates precise requirements, which can then be audited and certified compliant. In particular, the standard requires the examination of an organization’s information security risks, in order to allow for the design and implementation of safeguards to prevent such risks from occurring.
The company must also adopt a comprehensive management process to make sure that these controls are maintained in a way that meets their needs on a continuous basis. Achieving this certification now means that we have an official testament to something which our clients already know and our portfolio proves: information security is of the utmost importance to us, and we handle and protect sensitive data with great care and confidentiality.
It demonstrates that we are proactive when it comes to data security threats and that we employ best practices to minimize such threats. It will also allow our future clients to rest assured, right from the beginning of our partnership, that their security concerns are our security concerns.
Why we got it
Besides demonstrating our commitment to information security, there are other benefits that motivated us to become ISO 27001 certified. For one, putting an ISMS in place is about preventing costly security breaches, and this serves to increase customer confidence in our organization.
In the rare event that such a thing occurs, having a robust ISMS allows us to reduce risk and disruption, and keep costs to a minimum. It also gives us an advantage in the market. According to statistics from www.iso.org, we are one of only 6578 companies in the information technology sector in Europe to have achieved this distinction.
In cases where certification is a prerequisite, we are able to achieve a fast turnaround time when submitting offers to potential clients. Similarly, it reduces the time, cost, and general necessity of customer and supply chain audits. Then there is the issue of compliance.
As more and more laws and regulations regarding data protection and privacy continue to arise, having a methodology that enables us to adhere to the various legal requirements within our industry in the most efficient way possible is not only important, it is essential.
Achievement of the ISO standard was the end result of a process whose beginnings can be found in the way we have always done business. Our constant attention to detail and uncompromising drive to deliver top-quality software solutions led to the development of highly standardized procedures which resulted in a smooth conversion to ISO 27001 protocols.
Nevertheless, the consultant we had previously brought in to assist us in gaining ISO 9001 certification also aided us in the accomplishment of our most recent goal. With his assistance, we were able to prepare the required documentation more efficiently and institute some new procedures that helped to increase our already high-security demands.
Throughout the whole process, employees became more aware of necessary security measures and understood, to a greater degree, their roles in this vital aspect of our business. With all of the above preparations in place, we were confident that the audit would be successful and was delighted when we received the news that we had passed it.
What we’ve learned, how we’ve improved
Going through the certification process itself was of benefit to us in a number of ways. As a company with years of experience, we know the importance of information security and how to meet clients’ needs in this regard, and this understanding is reflected in our daily routines.
However, through the process of more formally documenting our procedures, we’ve gained a higher awareness of our roles when it comes to data protection. We understand more deeply the responsibilities and expectations of all parties involved in this area, especially within the company, and we have a greater appreciation of our daily tasks as they relate to information security.
Creating this level of an order has served to strengthen our internal organization and reduce time wastage, simply by defining things such as who makes decisions, who holds which responsibility, and who is in charge of giving data access permission, and ensuring that we adhere to these controls.
It has also made us more transparent, and since our employees must now sign documentation indicating that they understand these rules and procedures, we can guarantee that people are more aware of threats and of their individual responsibility for work activities.
Why all of this is important
We feel that becoming certified will help us stand out from the crowd and continue to grow, and it’s given us a sense of accomplishment in being able to achieve another goal we set for ourselves. We view it as a recognition of the level of professionalism that we are constantly driven towards.
It goes without saying that things change quickly in the IT industry. Companies are always on the lookout for new solutions, and being able to adapt is a must. The latter is also a huge part of any ISO standard. By doing such things as monitoring, measuring, and internally auditing our system, taking any corrective actions that are needed, we ensure that it is in a continually optimal state.
This will also help us maintain a culture of security, allowing us to be aware of its importance at all times. What this demonstrates to our clients is that our standards are both consistent and high and that we strive for the same when it comes to quality.
Our goal is to build and maintain trust and credibility in our partnerships so that our clients feel confident that they’ve made the right decision in choosing our company to serve them.