We did it - again! Simacan is ISO 27001 certified
We are proud to announce that we are - once again - in possession of an ISO 27001 certificate. For the 3rd year in a row! With this certificate for information security, we can demonstrate that our ISMS, our management system for information security, meets the strict conditions of this ISO 27001 standard.
Complying with the ISO 27001 standard means, among other things, that we continuously subject our processes, our systems and our software to extensive inspections. We also ensure that our employees treat information in a secure manner. This of course applies to all information within Simacan - not only business sensitive information, but also the data of our clients and the data of our own employees. This enables us to comply with current legislation, such as the GDPR.
How does an audit work?
What exactly is an audit? For Simacan this is different each year: as a relatively young scale-up, we have recently experienced quite a growth spurt. This means that this year we were able to welcome our 50th colleague (!). Because the length of an audit is calculated based on, among other things, the number of employees, the audit took 4 days this year. That is quite long. And actually, we are happy with that: everything an auditor finds is an opportunity for us to make our processes safer and provide a better service.
In practice, this audit meant that on a Monday morning, five people were ready to show the auditor what we do, and above all, how we do it. Because this audit took place during Covid-19, each team member worked from his own home. Fortunately, we had been working from home for months without any problems, so a remote audit did not differ much from the daily routine. And a nice plus: this allowed us to show the quality and flexibility of our processes early on in the audit.
An audit always starts with a somewhat larger delegation: after the introduction of our organization by CEO Rob and COO Michiel, the rest of the audit was carried out with Rick (Operations Manager), Willem-Jan (CISO a.i.) and John (Security & Privacy Officer). Under the leadership of the auditor, this team explored the entire organization during the first three days: from the internal IT and clean desk policy, to the secure development policy and compliance with laws and regulations - regularly assisted by another colleague, for example to explain the working methods within HR or Product Engineering.
The last part of this audit was the physical inspection of the work environment. With this inspection, the auditor examines what the office looks like: how workstations are set up, how access to the building is organised and where sensitive equipment is located - all under the supervision of our System Administrator Tom.
This tour of the building was a bit different than normal: where the auditor usually finds the opportunity to ask one of the many colleagues some questions, it now became a stroll through an almost deserted Simacan office. With the completion of this walk, the audit was also completed. After a short deliberation, during which the auditor takes into consideration his experiences from the past four days, the conclusion is formulated.
And the conclusion of the auditor at the end of these four intense days? Including a few points for improvement for the coming year - PASSED!