Estimated reading time: 3 minutes
Information security is an essential part of the business world today. Digitalisation delivers convenience and efficiency, but also requires a secure approach. That is important for you and your customers.
At iController we aim not only to help you optimise and digitalise your credit management, but also to ensure that it is done securely. That’s why we’ve been fully committed to information security and privacy right from the start. Our efforts were recently rewarded when we obtained prestigious ISO 27001 certification!
What is ISO 27001?
ISO 27001 is an international standard that guarantees that certified companies comply with a series of stringent information security requirements. Before they can obtain the ISO 27001 label, companies must undergo two intensive audits, one focusing on the big picture and one that zooms in on the details. Only if a company passes both tests will it receive an official ISO 27001 certificate issued by an internationally recognised body.
Why is the ISO 27001 certification so important?
Official certification is becoming increasingly important. First and foremost for large, international companies, but also for SMEs. Although we had high standards from the start, we noticed that our customers and suppliers needed tangible certainty about the security of their own data and that of their customers.
That makes sense, because credit management involves a lot of sensitive information: billing information, file transfers, passwords and more. Reason enough to make information security a top priority!
ISO 27001 certification offers a solution. As a certified company, we check every decision against the standard and we pay extra attention to the information security policy of the partners we work with. That means your information is in good hands.
Obtaining the ISO 27001 certification
There are six steps on the road to certification:
- understand the standard
- create a risk assessment
- implement a risk treatment plan
- prepare an official statement on the standards applied
- perform an overall analysis
- create an information security policy
In the run-up to certification we worked with an external partner to produce an extensive analysis of our procedures and working methods. One by one, we tested these against the standard and adjusted them where necessary. Via an online platform we then gave an extensive presentation that covered all policies, controls and risks. This involved not only the security team, but the entire team, ensuring that information security extends to all layers of our organisation.
Of course, technology doesn’t stand still. We are continuously improving our processes wherever possible so we can always guarantee optimum security. But we go even further! Whereas ISO 27001 certification requires an annual standard audit on a limited number of action items, we decided to extend the internal audit to the entire information system. That means you can rely on our tool with confidence!