ISO27001 certification difficult? Not anymore!
BlueDolphin is ISO27001 certified, which means that we meet the international norm for information security. With the ISO27001 certification we prove that we structurally control the quality of the internal organization, processes and technology and that the quality of this control is and remains of the highest level. Of course we are delighted, but when we started, we discovered that obtaining the certification is not an easy process.
The entire organization screened
Keeping your information security in order is an extensive task: think of the security of our own data and infrastructure as well as the data of our customers, the use of laptops, the privacy data of our employees, the screening of new colleagues and cooperation with subcontractors and partners. In short, the entire organization was screened and a team was formed with the aim of becoming ISO27001 certified. It was an intensive process that involved various departments and a large number of colleagues.
“We received excellent assistance with our certification from QSN, the consultancy company for certification guidance. They gave me a Bluebook, with all the steps required for ISO certification”, says Jordy Dekker, COO at ValueBlue. “Because so many different steps are involved and such certification will take a lot of time, we wanted to create coherence, a navigation between the steps. Without that navigation, it takes both ValueBlue, the ISO consultants and the ISO auditors a lot of time to put all steps together, to be able to assess them in relation to each other and to monitor progress properly.”
Having ISO 27001 certification means that you meet all requirements regarding information security, including GDPR. It is a globally recognized standard that demonstrates that you have taken measures against information security risks and that you comply with the Personal Data Protection Act.
Overview in BlueDolphin
“To give ourselves visibility in the steps to be taken, the coherence of those steps and the people involved in each step, we have incorporated the ISO 27001 standard as a navigation in a visualization in BlueDolphin. This created a landing place for everyone involved with ISO27001.”
This is what the overview shows:
- Which items are part of the ISO27001 standard and what do you have to do for it?
- What information is exchanged between the ISO components?
- Who is responsible for an ISO component?
- What is the status per ISO component?
- Which parts belong to the ISO standard and which apply specifically to ValueBlue as part of the “Declaration of Applicability”?
- When was an ISO component last updated?
- Hyperlinks to consultation structures and records (links to Teams / SharePoint).
- Hyperlinks to measures and their management (links to Teams / SharePoint).
For your organization too
“This overview has helped us tremendously in making the process of ISO certification fast, efficient and cost-effective. And the good thing is, we don’t keep our structured approach and navigation to ourselves, but we’ve added the standard template to the tool sets within BlueDolphin. Organizations that use BlueDolphin and want to keep grip and have control over the management of their own ISO27001 certification, can now immediately start using the standard approach for ISO27001 certification”, says Jordy.