ISO 27001 is the most important international standard in the field of information security. It involves the introduction of an information security management system (ISMS) – a systematic approach that encompasses people, processes and IT systems.
We recently successfully passed the initial certification according to ISO 27001:2022. The certification covers our entire company and therefore applies to all our products.
What is the added value of ISO 27001?
Our ISO certification offers several advantages for us and our customers:
- Increased security: We have introduced an information security management system (ISMS) that meets international standards. This ensures that we have a functional, robust, evolving system to protect data.
- Compliance: Our ISO 27001 certification provides our customers with proof that we know and implement the applicable legal regulations regarding IT security and data protection. This also supports them in complying with their legal obligations.
- Reputation and trust: Being certified shows that we are committed to information security. And that also builds trust for our customers’ customers.
- Sustainable improvement: The ISO 27001 standard requires continuous monitoring and regular review of the ISMS to ensure that we remain at the cutting edge of security requirements and technologies in the future.
Our software is already being used more and more by companies that place a high priority on information security, such as insurance companies, banks and public institutions.
Last year, we were already awarded the “swiss made software” and “swiss hosting” labels, which recognize Swiss quality and data protection. The ISO 27001 certification reinforces this promise.
What is the ISO 27001 standard?
The ISO 27001 standard takes a risk-based and goal-oriented approach: improvements are consistently implemented where actual and urgent risks exist or where current and significant goals can be achieved.
This ensures that the available resources can be used to deliver the most effective results.
The standard requires the introduction of an information security management system (ISMS) that addresses measures in the following areas:
- Compliance with applicable laws and regulations, for us in particular the Swiss nFADP and the European GDPR
- Security in using software and hardware, code reviews, regular updates, patches and backups
- Regular external penetration tests to uncover vulnerabilities and close security gaps before hackers can exploit them
- Internal guidelines and policies for information security, continuous training for all employees and consulting for our customers
- Clear management of information security incidents with ongoing evaluation and improvement
- Classification of information and assets according to confidentiality levels (asset management) and identification of appropriate protective measures
- Protection of infrastructure against intruders, fires, water damage and power outages
- Protection against unauthorized access to data through access rights and access controls, need-to-know principle and continuous monitoring of networks and systems
- Use of encryption for the transmission of sensitive information, guidelines for the secure use of communication channels
- Security in supplier and service relationships through audits, contracts and regular reviews of suppliers
- Developing and continuously updating plans for system maintenance or recovery in emergencies and crises (business continuity management)
The management system thus enables a continuous improvement process in all areas of information security.
What does certification for ISO 27001 cost?
The financial outlay for ISO 27001 certification can vary greatly depending on the size, complexity and structure of a company.
In our Open Startup Report for December, we already briefly announced the costs for our initial certification: CHF 20 820 (including certification for ISO 9001).
This does not yet include the personnel costs that we incurred in preparing for the certification and that we will continue to incur in order to maintain the required standards on an ongoing basis.
Read our detailed background article to find out more:
Inside ISO: How we passed ISO certification as a young startup (and you can too)
PS: Find an overview of our certifications and awards here.