The role of ISO 27001 certification in our business
The certification covers 9 iLOQ sites around the world. Especially in Central Europe, it is already being seen as a positive attribute that is enabling us to attract new business in the region. The new sites added since the implementation of ISO 27001 will be brought under the scope of the certification within three years when we are next up for recertification. The related practices will, of course, be implemented well before that time.
ISO 27001 is particularly important because we operate in the domain of digital access management.
This particular certification was important to us as we are operating in the domain of digital access management. Information security is not only a factor that is vital to our own operations, but it is an absolute must for the solutions we provide to our customers. Also, compared to the ISO 9001 Quality Management System and the 14001 Environmental Management System, which have already been in place for a number of years, ISO 27001 requires quite a bit more work to implement across an entire international organization.
Implementing a new management system in challenging times
In addition to the framework that was well known from the other ISO certifications, the information security standard comes equipped with a 114-control-point Statement of Applicability (SOA) that requires plenty of additional work and a strong commitment from the entire organization, from top management to every last employee in all the different country offices. Running this project during the pandemic period added its own challenges to the journey.
We have been lucky at iLOQ during this challenging time. Our early emphasis on digitalization has meant that we have had the tools in place to even carry out the internal audit processes fluently without on-site visits. Everything has been done remotely. These same challenges could have been a hurdle for implementing the new operating models and best practices if we didn’t have such strong digital tools and platforms in place for internal communications.
A real commitment across the entire organization
Implementing new management systems across entire international organizations is a considerable undertaking that takes time and resources. With clear dedicated resources for the ISO 27001 and the strong support of management, iLOQ was able to run the process through in just over 6 months. Getting to where we are now required a lot of internal communications, online training and integration of procedures into everyday work.
In addition to the strong commitment of our IT, R&D, different country organizations and the HR department, a key factor for successful implementation has also included the active role taken by our top management in terms of internal communications and support in this matter. The work that obtaining ISO 27001 Information Security Management System (ISMS) certification requires has now been done. But maintaining these high standards is sure to keep an internationally expanding and growing company like iLOQ busy, and it is something we must be committed to every day when we come to work. Annual interim audits and the requirement for recertification every three (3) years will keep us focused.