
From EN 50518 to ISO 27001. A next step in mature information security

Written by Protify

How a security organization elevated its information security to a higher level

For an organization specialised in temporary security solutions, one question was central: how do you ensure that information security grows in line with customer expectations, legislation and the market?

The organization already held an EN 50518 certification for Alarm Receiving Centers. Even so, there was a need to further professionalise and gain demonstrable control over information security. Choosing ISO 27001 was therefore a logical next step.

In addition to the ambition to continuously improve, there was also a clear market demand. More and more clients are asking suppliers to demonstrate how information security is organised. Especially with the arrival of NIS2, cyber resilience is higher on the agenda than ever.

A clear ambition from within the organization

More than three years ago, the organization appointed a Chief Information Security Officer (CISO). This was an important step that immediately showed that information security was not only an operational topic, but a strategic priority. Information security is seen as an essential part of the company’s core service delivery.

The new CISO decided to continue and further expand the collaboration with Protify. The ambition to become ISO 27001 certified thereby took concrete shape.

“The foundation was already in good order thanks to our EN 50518 certification. As a result, we were able to intelligently reuse existing processes, measures and documentation. There is a lot of overlap between both standards, which allowed us to make rapid progress.”

Where many organizations start from scratch, this security organization was able to build on an existing structure. This not only shortened the implementation process, but also ensured a more efficient use of time and resources. Strong support from the board also enabled an efficient implementation.

How it started

A few years ago, MedITall achieved ISO 27001 certification. It soon became clear that obtaining the certificate was only the beginning.

“Obtaining the certificate is one thing. After that, the real work begins. For us, as a relatively small company, ISO should not be an administrative burden, but something that helps us continuously improve.”
Jurgen Weijer, founder and IT architect

The existing way of working felt too much like meeting requirements and too little like helping the organization improve. That had to change.

NIS2 creates new expectations

Among other things, the upcoming Dutch Cybersecurity Act, based on the European NIS2 Directive, is prompting organizations to look more critically at the digital resilience of their suppliers.

Security questionnaires, audits and evidence are increasingly becoming part of tenders and supplier assessments. For many organizations, ISO 27001 is therefore becoming not only a quality mark, but also a commercial advantage.

“We notice that customers are increasingly involving us in their own information security strategy. They want to know which measures we have taken, how risks are managed and how we can demonstrate that information is processed securely.”

By investing in a mature Information Security Management System (ISMS), the organization is better prepared for future legislation as well as the increasing requirements from clients.

Smart implementation with the ProActive Compliance Tool

As part of the certification process, the organization chose the ProActive Compliance Tool (PCT), which is Protify’s ISMS platform.

The platform not only supported the implementation of ISO 27001, but also made managing the standard and the associated documentation much easier.

“The PCT significantly accelerated the implementation of ISO 27001 for us. Thanks to the predefined IMS framework, we were able to work with Protify’s consultants to quickly add content that matched our own situation.”

According to the CISO, the greatest added value lies not only in achieving certification, but above all in managing it structurally.

“The better you get to know the system, the more possibilities you discover. It helps not only with documentation and audits, but also supports the day-to-day management of information security. That is where it delivers added value in the long term.”

Why choose Protify?

For this organization, the combination of subject matter expertise, industry knowledge and pragmatism made the difference.

“What we appreciate about working with Protify is that the consultants understand our industry. They have in-depth knowledge of information security within alarm receiving centres and security organizations. This means we can move directly into the content without first having to provide a lot of context.”

“In addition, the team is accessible and involved. When we have a question or run into something, help is always close by.”

Ready to take steps towards ISO 27001?

Do you want to be better prepared for NIS2, gain demonstrable control over information security or explore what is needed for ISO 27001 certification?

Protify helps organizations set up, implement and maintain an effective Information Security Management System. Practical, pragmatic and tailored to your organization.

Schedule a no-obligation introductory meeting and discover which steps your organization can take towards a higher maturity level in information security.
