Upholding the standard: Learnings from ISO 27001 Certification

Nov 24, 2017

Three years ago we secured our first ISO 27001 certification; including the year of preparation, this was more than 4 years ago! At that time our company had around 100 employees; now we are at almost 260. We’ve seen other growth as well, including the number of clients, the extent of our software offering and the reach of our organization as a whole.

Now, as stipulated in the ISO 27001 certification, we have gone through the first full re-audit of our organization. Looking back, there were some immediate learnings for us:

  1. Start when you are small: Even though the list of requirements can look intimidating at first, there is an inherent benefit to starting such a project while you are still small. Processes and controls grow with your organization. Implementing security requirements across a bigger organization would have been much harder, cost more and would have taken much more time to complete. Now every new starter can use the tools, read the documentation that’s been put in place and contribute accordingly.

  2. Take internal feedback seriously: The work does not end with the certification. The real experts sit inside your organization, and they will share valuable opinions and insight into things that might not work as expected. Even though you may not always like what they have to tell you, it is crucial that you listen carefully, try to understand and take their feedback seriously. Security-related issues are easily overlooked, even if you do external tests and audits – internal feedback is incredibly valuable and easily rewarded if your teams can see that you put their feedback into action.

  3. Publicize the benefits: Also known as marketing! At OX we can easily see that our work in this area pays off. We have been able to win business that would have been otherwise hard or impossible to win. It is a direct benefit that you see in almost every RFP. Something seen by few as a “bureaucratic monster” becomes a key business advantage when positioned correctly!

It is always rewarding to pass an audit process and a big reward for the team that made it possible. Certification has a number of benefits for customers, but most of all it provides reassurance that a service provider has met certain exacting, industry-recognized levels of performance.

I would like to take this opportunity to congratulate all members of the Open-Xchange team for their continued efforts in helping make Open-Xchange and our products as secure as can be.

About the author

Carsten Dirks

COO, Open-Xchange
