Customer story on their ISO 27001 certification journey
written by Campai
The story behind our ISO 27001 certification
The ISO 27001 standard (officially ISO/IEC 27001) is an internationally recognised standard in the field of information security. The standard describes how an organisation can implement information security processes to protect business and personal data against loss or theft. By having your information security management system independently certified, you show that you comply with all information security requirements.
What does ISO 27001 mean for Campai?
Information security is more important and topical than ever. We are aware of our role, responsibility and example to our customers. We therefore treated the ISO 27001 process as an opportunity to review and improve all our processes and security. We set aside a year for the entire project.
We don't do it alone
We set up a specialised security management tool, "base27", which makes audits much more efficient. For process support, we selected Dxfferent, an agency with pragmatic consultants and knowledge of the ICT sector.
As a certifying body, we have DigiTrust chosen. And it has been very good. Good and valuable audit.
ISO a must and laborious? Diederik and Campai proved otherwise. Every time, Diederik said, " Just ff this tool and just ff this fine-tuning". Campai is not going for the World Cup, but for the Olympics. Super cool!
Jasper Horssen - Implementation consultant at Dxfferent
Risk-based security
We started by mapping all risks. A number of incidents from our industry provided realistic inspiration for this. Like the Solarwinds hack, a court ruling on the duty of care of IT companies and warnings from the FBI and US Secret Service to Managed Service Providers like Campai.
Based on the identified risks, we created a comprehensive risk management plan, wrote policies, developed procedures and created awareness among employees. We then applied the 114 technical and organisational control measures from ISO 27002 and additionally secured our ICT environment according to the principles of the zero-trust security model.
The principle of continuous learning and improvement is essential to ISO 27001. Our security team meets monthly to discuss incidents, developments and improvements to ensure we stay at the forefront of Information Security!
What does our ISO27001 certification mean to you?
ISO 27001 certification brings many benefits to Campai, but what does it mean specifically for your organisation? The ISO 27001 certificate shows that Campai:
- Is aware of and actively manages information security risks;
- Has taken appropriate technical and organisational security measures;
- Has established processes that ensure the availability, integrity, confidentiality and protection of information;
- Has integrated the PDCA (continuous improvement) concept into all its processes;
- Meets AVG requirements;
- Is a reliable partner and advisor in the field of ICT and Information Security.
We also apply the lessons and experiences gained from our ISO 27001 process in our services. The ICT audits we carry out at our customers' premises, for instance, are very similar to an ISO audit. Our aim is to be able to take information security at all our customers to a higher level.
The scope of our ISO certification
The information security policy within Campai covers all organisational units of Campai, including our services to you. The scope of the information security policy is;
Securing information in relation to advising, selling, delivering, implementing and managing ICT solutions, as well as supporting and training customers in the areas of infrastructure, workplace, cloud and security with the help of partners.
