
Implementation of ISMS in own ERP system at Voclarion

Written by Patrick van der Weide

Patrick van der Weide* carried out the implementation of the ISMS at Voclarion as Security Officer and driving force behind the project. Voclarion decided to pursue ISO certification because they participate in many tenders and were looking for a framework for their ISMS. They chose to implement the ISMS in their own ERP system. Patrick talks about how they implemented the ISMS in their ERP system, how they experienced it, and how they achieved their ISO 27001 certification.

About Voclarion

Voclarion is an IT company that also focuses on software development. They started developing an independent VoIP telephony platform in 2003. This in-house developed platform is used worldwide by enterprises, government and non-profit organisations. Since 2014, Voclarion has also focused on the healthcare sector and SMEs.

How did you get in touch with Protify?

Patrick first read up on ISO 27001, the information security standard, and wanted to implement it at Voclarion himself. To do this, he looked for an online system or framework and for a party that could offer this solution. After contacting several parties, he ended up with Protify because they had the most honest story about expectations.

Why comply with ISO 27001?

Voclarion opted for ISO 27001 certification because, since the introduction of the GDPR (AVG in Dutch) in 2018, contracting authorities are increasingly including requirements for ISO 27001. Voclarion regularly participates in tenders, so they saw the need for this. It was also immediately a good starting point for content improvement, and implementing an ISMS gives you the tools for this.

Content improvement

Voclarion grew organically and was set up based on its own experience, not necessarily with a particular structure. Many things have changed in the VoIP market. For example, solutions used to run on premise (on site) at the customer, and now run in the cloud. That means the software also has to be adapted accordingly. ‘Because of these changes, you have to make sure you shape this properly. For example, think about rules, such as that not everyone is allowed to enter their own server room. Through the certification process and application of the ISMS in your organisation, you are moved to think about things you might not otherwise think about, to make sure you can meet the requirements set by the standard.’

Plan-Do-Check-Act: continuous improvement

‘Protify made us realise that continuous improvement is a key pillar of your ISMS. It is all about the Plan-Do-Check-Act (PDCA) cycle. When reading the standard and seeing the rules, you don’t really realise this at first. By actually working with the system, you see how the system is structured and you can make sure you meet the requirements. This method also helps you as an organisation learn where the pain points are. For instance, as part of your ISMS, you carry out a risk analysis. Standardised risks are drawn up here, prompting you to think about your organisation’s risks and where those pain points lie for you. To then determine how you can make improvements here.’

Implementation of the ISMS

Voclarion implemented the ISMS in their own comprehensive ERP system. In this system, they could already work with recurring tasks, define tasks, set deadlines and communicate about the work within a task. In the ERP, employees register their hours, tasks and work, and communicate about it. Since people could already find their way around this system well, they decided to keep it. Besides, they wanted to keep everything centralised, with all business processes integrated. The risk analysis and control measures proved difficult to implement in the ERP, but despite taking a bit more work, this proved to be the best solution.

Audit

Only two minor shortcomings were found during the audit, which they were able to correct in the following period. Patrick is satisfied: they were highly complimented on their level of implementation, as they were already at a point that other organisations normally reach only after a year. The audit was not only for Voclarion but also for sister company The IP Company, which provides a communication solution for maritime vessels. ‘The IP Company was already at an advanced stage of implementation of the ABDO2019 standard, a kind of maritime equivalent of ISO27001,’ says Voclarion. ‘The certification process of ISO27001 and Protify’s guidance helped us tremendously, also putting the ISMS in line with ABDO2019 much better,’ says Patrick.


Do you also want to comply with ISO 27001, or would you like advice on implementing an ISMS?

Get in touch with us and we will be happy to discuss how we can help your organisation.

*) Patrick has not been employed by Voclarion since 1 January 2022.


Patrick van der Weide

As a freelance consultant affiliated with Protify, Patrick supports clients in the role of CISO or security officer and/or as a project contributor. Patrick has an academic background in law, broad operational IT experience, and is CISSP-certified.
