An interview with Patrick van der Weide
Patrick van der Weide* worked as a freelancer for Voclarion, as Security Officer and tug-of-war, carried out the implementation of the ISMS for Voclarion. Voclarion decided to get started with ISO certification. Since they participate a lot in tenders and were therefore looking for a framework for their ISMS. They chose to implement the ISMS in their own ERP system. Patrick explains how they implemented the ISMS in their ERP system and how they experienced this. And how they obtained their ISO 27001 certificate.
About Voclarion Voclarion is an IT company that also focuses on software development. They started in 2003 with the development of an independent VoIP telephony platform. This in-house developed platform is used worldwide by enterprises, government and non-profit organizations. Since 2014 Voclarion also focuses on the healthcare sector and SMEs.
How did you come in contact with Protify? Patrick first read up on ISO 27001, the standard for information security and wanted to implement this certification himself at Voclarion. For this Patrick went looking for an online system or framework. Patrick was looking for a party who could offer this solution. After contacting several parties he found Protify because they had the most honest story about the expectations.
Why comply with ISO 27001? Voclarion chose ISO 27001 certification because since the implementation of AVG in 2018, contracting authorities are increasingly including the requirements for ISO 27001. They regularly participate in tenders, so they saw the need for this. This was also immediately a good starting point for content improvement. The implementation of an ISMS gives you the handles for this.
Content Improvement Voclarion has grown organically and set up from our own experience, not necessarily with a certain structure. In the VoIP market many things have changed, for example solutions used to run on premise (on location) at the customer, now in the cloud. This means that the software also has to be adapted accordingly. 'Because of these changes, you have to make sure that you design this properly. Think, for example, of rules that do not allow everyone to enter their own server room. The certification process and the application of the ISMS in your organization make you think about things you might not otherwise have thought of. So that you can meet the requirements set by the standard.'
Plan-Do-Check-Act: continuous improvement
'Protify made us realize that continuous improvement is an important pillar of your ISMS. It's about the Plan-Do-Check-Act (PDCA) cycle. When you read the standard and see the rules, you don't realize this at first. By actually working with the system, you see how the system is structured and can ensure that you meet the requirements. This method also allows you, as an organization, to learn where the pain points lie. For example, you perform a risk analysis as part of your ISMS. Here, standardized risks have been drawn up, which encourage you to think about the risks of your organization and where those pain points lie for you. To then determine how you can make improvements here.'
Implementation of the ISMS Voclarion implemented the ISMS into their own comprehensive ERP system. In this system they could already work with recurring tasks, describe tasks, set deadlines and communicate about the work within a task). In the ERP the employees register their hours, tasks, activities and communicate about these. Since the people could already find their way in this system, they decided to keep it. In addition, they wanted to keep everything centralized, all business processes would be integrated. The risk analysis and the control measures turned out to be difficult to implement in the ERP, despite the fact that it takes a bit more work, this turned out to be the best solution.
Audit Only two minor deficiencies were found during the audit, which they were able to correct in the period after. Patrick is satisfied, they received a big compliment on their level of implementation, as they were already at a point, where other organizations normally are only after a year.
The audit was not only for Voclarion but also for its sister company, The IP Company, which provides a communications solution for maritime vessels. The IP Company was already in an advanced stage of implementation of the ABDO2019 standard, a kind of maritime equivalent of ISO27001. 'The certification process of ISO 27001 and the guidance of Protify helped us enormously, also to establish the ISMS in accordance with ABDO2019 much better.' says Patrick.
The certification process of ISO 27001 and the guidance of Protify helped us enormously, also to establish the ISMS in accordance with ABDO2019 much better.
Do you also want to comply with ISO 27001 or get advice on implementing an ISMS? Contact us and we will be happy to discuss how we can help your organization.
*) Patrick doesn't work as a freelancer for Voclarion since January 1, 2022.
Comments