According to the 2019 research of the Technical Committee of the International Organization for Standardization (ISO), there are 36 362 ISO 27001 certificates for information security. The Technical Committee assured that, parallel to the pandemic, the number of invitations participating in subscriptions was comparable to the meeting. The number of current certificates for all ISO standards has jumped by over three percent. Why do companies decide to get ISO 27001?
ISO 27001 is the international standard. Its scope includes a set of requirements relating to the creation, maintenance, and development of information security management systems. And although even uncertified companies often follow the best practices regarding data protection management, ISO remains a clear and stable sign confirming their knowledge and implementation of the adopted guidelines.
– Both for us and our clients, especially new ones, it is important to officially confirm the quality of data protection entrusted to us by an external, independent certification promotion – says Andrzej Gontarz, IT Manager at Hicron. – ISO 27001 proves that we know what to do with data, how to use it, and how to store it, so as not to expose the customer to the risk of information loss or compromise.
Hicron, a company from Wroclaw providing IT implementation services, carried out certification in the times of the coronavirus and the epidemiological regime.
Pandemic and the certificate
The IT manager points out that, despite the inconveniences, including the rules for conducting activities during a pandemic, it is a good time to take care of increasing safety: – The dynamics of development of some of our clients’ businesses have changed. Thus, we decided to use the moment and, instead of waiting for the pandemic to be gone, start to implement new solutions – explains Gontarz. The IT manager also adds: – Preparations for obtaining the certificate have been made for many years. The team I lead has been aware for a long time that it will be necessary to have such a certificate to implement certain topics. Obtaining ISO 27001 is a confirmation of our previous activities and vision of development.
ISO 27001 is just the beginning?
Many years of preparation for obtaining ISO 27001 may mean that, as in the case of Hicron, the company complies with the good practices underlying the standard even before certification. This applies, for example, to how the activities undertaken are implemented. To make it happen, the IT team works closely with each area of the organization. In the case of Hicron, there are about thirty different project structures.
Andrzej Gontarz noted that there is also an easier solution available. ISO 27001 allows certification to be limited to selected areas of the company, which can be a shortcut: the certificate is obtained while a significant part of the organization continues to function outside the rules. – We think long-term, that’s why we decided to certify the entire organization. Our goal is to achieve the TISAX standard – reveals Gontarz.
TISAX (Trusted Information Security Assessment Exchange) is a European certificate entitled Although it has many features compliant with ISO 27001, it has a holistic approach to the organization and all its processes. Besides, it expands the field of activity with specific aspects of the automotive industry, such as prototype protection.
Conscious organizations use the time of the pandemic to prepare for a strong start after a renewed economic boom. Specialists confirm that strengthening the position of data security, programs, and remote work are areas that are not worth delaying.