Information security has always been a top priority for us at Netigate. Now we have taken this to a new level by becoming ISO 27001 certified. A globally recognised stamp of approval, ISO 27001 certification is a symbol of the high standard of information security practices that we follow. In this article we talk with Jonas Bredin, Netigate’s Chief Technology Officer, about what ISO 27001 means for the company and why we’re so pleased to be certified.
Let’s take it from the top: What is ISO 27001?
ISO 27001—or ISO/IEC 27001:2013, as it’s formally known—is the international standard outlining best practices for Information Security Management Systems (ISMS). To put this more simply, an ISMS is essentially a group of procedures, processes and guidelines that help us to make sure we’re handling our data in the safest, most secure ways possible.
When we talk about data here, we mean that in a pretty broad way. It includes everything from client data and HR data security through to physical entry points to our buildings and delivery areas. The certification also covers all aspects of the development, delivery and operations of our online service, as well as our legal and physical entities in Sweden, Norway, and Germany. In sum, these information security standards are incredibly wide-reaching!
“We’ve always been serious about security here at Netigate, and gaining this certification demonstrates that we have robust, best-practice information security processes in place.”
Jonas Bredin, Chief Technology Officer at Netigate
What are the benefits of being ISO 27001 certified?
There are so many benefits to being ISO 27001 certified. We’ve always been serious about security here at Netigate, and gaining this certification demonstrates that we have robust, best-practice information security processes in place. The framework and ongoing audits are also a great way of making sure that we remain structured and focused in this area.
The standards that make up ISO 27001 also align with regulatory requirements that we are legally obliged to follow. Take the EU General Data Protection Regulation (GDPR), for example. Netigate and our servers are EU-based, which means that we operate under GDPR. The requirements necessary to do business under these regulations are increasingly rigid, and ISO 27001 is designed to make sure that we can continue meeting them.
What was the ISO 27001 certification process?
There were a number of key steps along the road to becoming certified. First of all, we needed to develop a clear plan and assign someone to lead the certification project. It was then essential that we got everybody on board with the process. Information security isn’t just the responsibility of IT; every department and individual across the company has a duty to handle and store data securely.
Next, we needed to perform a risk assessment to analyse our processes and what fixes or improvements might be required. Once we began working on our findings, it was important that we documented the actions we were taking. This meant that when it was time for the audit we could provide a detailed outline of the security procedures, policies and activities we had in place.
How will these changes affect Netigate customers?
Getting ISO 27001 certified is more of a behind-the-scenes project. This means that our customers’ day-to-day work with Netigate and the tool won’t change. What it does mean, however, is that they can rest assured in the knowledge that we take good care of our data and theirs. We make a promise that your data is safe with Netigate, and ISO 27001 certification is another great way of demonstrating that.