ISO27001 certification difficult? Not anymore!
BlueDolphin is ISO27001 certified, which means that we meet the international norm for information security. With the ISO27001 certification we prove that we structurally control the quality of the internal organization, processes and technology and that the quality of this control is and remains of the highest level. Of course we are delighted, but when we started, we discovered that obtaining the certification is not an easy process.
The entire organization screened
Keeping your information security in order is an extensive undertaking: think of the security of our own data and infrastructure as well as the data of our customers, the use of laptops, privacy data of our employees, the screening of new colleagues and cooperation with subcontractors and partners. In short, the entire organization was screened and a team was formed with the aim of becoming ISO27001 certified. An intensive process that involved various departments and a large number of colleagues.
It soon became apparent that the processes needed to realize all this were not well organized. “I received a Bluebook from QSN, the consultancy company for certification guidance, but that document cannot practically be used as navigation between all components,” said Jordy Dekker, COO at ValueBlue. “Without that navigation, it takes ValueBlue, the ISO consultants and the ISO auditors a lot of time to search for all parts, to be able to put them in relation to each other and to monitor progress properly. This would have taken a lot of time and wouldn’t sufficiently cover the risk to be sure that all required ISO components are met.”
Having ISO 27001 certification means that you meet all requirements regarding information security, including GDPR. It is a globally recognized standard that demonstrates that you have taken measures against information security risks and that you comply with the Personal Data Protection Act.
Overview in BlueDolphin
“To give ourselves visibility in the steps to be taken, the coherence of those steps and the people involved in each step, we have incorporated the ISO 27001 standard as a navigation in a visualization in BlueDolphin. This created a landing place for everyone involved with ISO27001.”
This is what the overview shows:
- Which items are part of the ISO27001 standard and what do you have to do for it?
- What information is exchanged between the ISO components?
- Who is responsible for an ISO component?
- What is the status per ISO component?
- Which parts belong to the ISO standard and which apply specifically to ValueBlue as part of the “Declaration of Applicability”?
- When was an ISO component last updated?
- Hyperlinks to consultation structures and records (link to Teams / SharePoint).
- Hyperlinks to measures and their management (links to Teams / SharePoint).
For your organization too
“This overview has helped us tremendously in making the process of ISO certification fast, efficient and cost-effective. And the good thing is, we don’t keep our structured approach and navigation to ourselves, but we’ve added the standard template to the tool sets within BlueDolphin. Organizations that use BlueDolphin and want to keep a grip and have control over the management of their own ISO27001 certification can now immediately start using the standard approach for ISO27001 certification,” says Jordy.