Ensuring Information Security: Crystalloids passes ISO 27001 Audit
by Crystalloids Team on May 23, 2023 9:24:53 AM
In today's digital age, information security has become paramount for organizations across various industries. To maintain the highest information security standards, many companies opt for ISO 27001 certification of their Information Security Management System (ISMS), which requires undergoing regular audits.
Crystalloids began the ISO 27001 implementation process in 2020 and received their certification in 2021. Last week we successfully passed the ISO 27001 External Audit with no significant findings identified. How did we achieve this?
In a recent interview, Ronnie Bathoorn, Crystalloids’ information security officer, sheds light on the purpose and process of such audits and how the ISO certification sets us apart from many other small businesses.
What is ISO 27001 certification, and why did Crystalloids apply for it?
“Our organization deals with significant amounts of customer data, particularly in marketing. ISO 27001 certification assures our customers that information security is our top priority. The initial request for certification came from one of our ISO-certified customers, as it builds trust and improves collaboration with other certified organizations. Their request motivated us to pursue ISO certification and align with their standards.”
What was the purpose of the ISO 27001 audit?
“The main objective of the audit was to obtain and maintain ISO 27001 certification. To retain the certification, organizations must undergo an annual audit. The certification ensures that the company has implemented robust information security policies and measures to safeguard sensitive data,” Ronnie explains.
What did the ISO 27001 audit process entail?
“The audit is conducted by an external company called Brand Compliance, which is a certified auditor. They visit the company's office to assess compliance with ISO 27001 standards. The audit includes evaluating physical security measures, such as access controls and entry procedures, along with other aspects of the company's information security practices.”
Can you name some procedures that Crystalloids put in place to become ISO 27001 certified?
“We have set the rules for office access control. Entry to the office is restricted by key fobs and access is granted based on an onboarding process. New employees receive a tag to access the premises, and when an employee leaves, they return the tag. The company maintains detailed records and procedures to track access authorization, which is reviewed during the audit.
Our information security applies to everything we do with data internally or externally. When starting work for a new customer, we request access to their data. Similarly, when we stop working with a customer, we have an off-boarding process in place to ensure that access is revoked. This practice ensures that only authorized individuals have access to the data, minimizing any potential risks.
All our MacBooks are encrypted, and we have recently installed software to verify their encryption status. This step ensures that if a MacBook is lost, the data remains secure and inaccessible to unauthorized individuals. Encryption adds an extra layer of protection, as without the login credentials, the data cannot be accessed.
We also have a change management procedure, which means that before software is pushed to production, it is tested. If the deployment to production fails, we have a way to roll back to a previous version.”
What are the benefits of working with an ISO 27001-certified company?
“Businesses get enhanced security, trust, compliance, risk management, streamlined processes, and a competitive edge. Crystalloids' certification ensures strong information security measures, giving customers confidence and reducing the risk of data breaches. It also helps businesses comply with regulations and protect sensitive data.
Our certification streamlines internal processes, ensuring customer data is kept confidential, intact, and always available. Partnering with Crystalloids shows a commitment to security and gives you a competitive advantage in the market.”
Conclusion
ISO 27001 is a vital framework for organizations seeking to establish a robust information security management system. By implementing ISO/IEC 27001, businesses can enhance their information security posture, achieve regulatory compliance, build trust with stakeholders, and gain a competitive advantage. While the certification process may require effort and dedication, the long-term benefits make it a worthwhile investment in securing valuable information assets.