Then it was time for the annual ISO 27001 audit. Last year we passed the ISO 27001 re-certification with ease. It has now been confirmed that we still have things under control at all three locations in Aarhus, Copenhagen and Prague. We are thus still part of a quite exclusive club of approximately 40 Danish ISO 27001-certified companies.
At Itadel, we have actually been able to provide ISO 27001-certified security management since 2013. The certification requires that we, as a company, can demonstrate that we have the necessary skills and resources to maintain compliance with the requirements.
This year, we chose to challenge ourselves and use the audit actively and concentrate on the customer experience. There has therefore been a strong focus on the value streams, which refer to the coherence of the processes and basically what the customers experience. So even though ISO 27001 is an information security standard, we also use it to improve the quality of delivery.
In addition, there were words of praise from the auditor - our employees are committed and dedicated, and the continued focus on competence development and resource allocation really helps to enhance the whole company's way of working.
What actually is ISO 27001?
ISO 27001 is an international standard that describes the requirements for an “Information Security Management System” (ISMS) – ISMS defines our framework for security under the standard.
The standard requires that executive management:
- Analyses and assesses security risks taking into account threats, vulnerabilities and consequences.
- Introduces effective information security management.
- Establishes a reliable process to ensure security management continues to keep the organisation secure and robust.
What does this certification mean for our customers?
Our certification means that you as a customer can acquire IT operations from an ISO 27001-certified company.
Your solutions are operated under the management of ISO 27001-certified processes - i.e. on platforms that keep your data confidential, maintain its integrity and make it accessible to the right people.
When we take over the operation of your IT systems, you are automatically upgraded to our high standard of processes, documentation and reporting. As a customer, it is easier for you to document sound supplier management.
5 good reasons to choose an ISO 27001-certified supplier
1. Dedicated supplier
Choosing to become ISO certified is a commitment that requires a lot of time and resources. This is precisely why you can be sure that if the supplier has gone through such a process, then the company is extremely focused on maintaining the highest possible standards.
ISO 27001 is an international standard and a certificate from an accredited and independent third party stating that the company operates systems and routines that meet the standard. It is a seal of quality and as a customer you can be sure that such a company takes security very seriously.
The ISO certification is not a one-off event. To maintain the ISO certification, the company is audited annually to ensure compliance with the standard. If the company is ISO certified, it must continually conduct security assessments and annual audits to ensure that the company's policies, processes and procedures are being carried out at an optimal level. If you choose a company that is ISO certified, you can rest assured that the company is constantly working to improve its services and that the company has up-to-date systems that you as a customer can rely on.
4. Optimal security
Continuous improvements to security checks are built into the ISO 27001 standard and are implemented with a risk-focused approach. Therefore, an ISO 27001-certified supplier will have the optimal security checks in place for the information being processed.
The certification indicates compliance. ISO 27001 is a global standard that is often referred to, both generally and in regulations, as a method for achieving good information security. With the increasing focus on compliance with laws and regulations, including the EU’s General Data Protection Regulation (GDPR), you should only choose suppliers that can prove that everything is under control. Otherwise, you may be exposed to increased risk and be made liable.