We are pleased to announce that COERA is ISO 27001 certified, and with this we have taken the next step up in Information Security Management! But what does this certification mean to us and to our clients? To find out more, we interviewed Theo and Dani, representatives of our ISMS team.
Tell me a bit about what it means that COERA is ISO 27001 certified. Why is it important for us to be ISO certified?
Theo: Information and cybersecurity have become top of mind for businesses all around the world. On the one hand, regulations like the European GDPR have made us all aware of our responsibilities in safeguarding confidential information, especially personal information. On the other hand, the ever-increasing series of security incidents has revealed the continuous economic vulnerability of our IT ecosystem.
As COERA, we are in the midst of this IT ecosystem, engineering and operating IT systems for our clients, and with that we must take our responsibility by having a clear information security policy and relentlessly operating an Information Security Management System (ISMS).
Dani: The fact that we are ISO 27001 certified lets our clients know that we are committed to managing information assets, like financial information or intellectual property, in a secure way. This certification helps us strengthen our relations with current clients.
What are the steps of the certification process?
Dani: I would say that there are three big steps:
1. You need to define an ISMS. This system describes the organization's approach to information security and privacy.
2. You need to implement and monitor this system. Once all of this is done, you can contract an internal auditor to let you know how prepared you are for an external audit.
3. If the results from the internal audit are encouraging, you'll get in touch with an external auditor for the certification.
What did the certification process consist of?
Theo: Implementing a standard like ISO 27001 can easily be overwhelming, which is why we chose to bootstrap with a prefab implementation of the ISMS based on Instant27001. It provided us with an implementation approach and a lot of standard content targeted at small and mid-sized IT companies, available in Atlassian Confluence. Next to that, we automated the operational part of the ISMS ourselves using Atlassian Jira to periodically schedule all prescribed audits and control verifications and to keep track of incidents and non-conformities. With both of those systems and the corresponding processes in place, both the internal and the external audit went very smoothly.
What does this ISO certification mean for our clients?
Dani: We, as COERA, take all risks regarding their information assets seriously and have a continuous process in place to mitigate these risks.
Theo: Information security is a matter of full focus throughout the IT ecosystem, meaning working closely together on security topics. By having a common framework like ISO 27001 you speak more or less the same language, which makes collaborating a lot easier and quicker – and that is of the highest essence when it comes to information security.
That's all for now, thank you for reading so far! If you have any security-related questions, feel free to contact us.