- We have been working closely on this for almost a year and a half, Raisoft's Information Security Officer Peter Jansson says with satisfaction.
A five-member team has been the driving force behind this project, but in the final phase, the effort grew as the team leaders improved their responsibilities. The implementation of new security practices for all staff has been an essential part of the certification process.
DNV GL's lead auditor Olli-Pekka Pahnila says that the requirements for this standard are more strenuous than in other management system standards, as many of them are mandatory. (mandatory requirements and controls)
Raisoft's management team decided to launch the certification process more than two years ago, but at the time, the GDPR Data Protection Regulation, which came into force in May 2018, delayed getting the project up and running.
- This has been a busy project that has required perseverance and commitment. As a company, it was clear to us that we were going to work to achieve certification, as achieving internationally accepted certification is a significant advantage for us, especially in foreign competitions, CEO Robert Åström explains.
In large competitive tendering, software vendors usually receive a long list of requirements, many of which deal specifically with security issues.
- When we can say that we have ISO / IEC 27001 certification, we can acknowledge the long list of requirements in one document, Peter Jansson describes. He also explains that in addition to international competitions, certification is also becoming interesting in Finland.
DNV GL's Olli-Pekka Pahnila confirms Raisoft's view:
- Experience has shown that an internationally recognized certificate issued by an accredited certification body has a positive effect on trade and the demonstration of the level of information security.
Security Officer Jansson states that although he is now in a good mood and has a new certificate on the wall of the office, his hard work won't stop in improving our security.
- This audit is now valid for three years. There will always be a more limited interim audit each year and the next full-scale audit in the spring of 2023.
Jansson is proud of his team and all Raisoft employees who were closely involved in the effort.
- Technology, firewalls, and other simple solutions are important for information security, however, remember that people are the most important link in the chain.