How does this work and what tips are there for preparing for your audit? in conversation with Danielle de Vaal.
You help many clients prepare for an audit, what is it like to go through this process yourself? Danielle de Vaal says that an audit is also an important day for Protify. Because we support many parties in the field of certification, we are looked at extra critically. Because it is expected that we have the knowledge as the expert. On the other hand, we have our affairs in order, so we knew we had nothing to worry about.
Background information Protify and ISO 27001
Protify has been certified for ISO 27001 since 2015, the year of its establishment. This year Protify went through a follow-up audit, which took place remotely due to COVID. For the first time, a second entity was also included in the audit, namely the ProActive Compliance Tool (PCT), which is officially integrated into Protify's management system as well. As a result, the auditor paid close attention to the process of this and what services are provided. This way the auditor has a good picture of how the organization is structured.
Continuous improvement is an important part of maintaining your management system and in the certification process. The auditor looks specifically at the improvements that you as an organization have applied. This means that every year you raise the bar again for your organization.
Can you talk a little more about the continuous improvements? Improvements are essential, for example think about what means you can use to improve your Information Security Management System (ISMS). We don't develop software (which many companies do that go through ISO 27001 certification), but provide services, which means that the requirements are different for us, which is different for a physical product. For example, we store a lot of data and it is important to know what happens to it and how to store it safely. For us, the focus is on monitoring: 'How can we ensure what, meets the requirements'.
An improvement that Protify itself has implemented in the past year is the performance of an IT audit on its own IT systems by an external party. To get even more certainty whether what we do is right and to learn from this to improve it. So that we can contribute even more to the integrity of the way we handle information within Protify.
Were there any questions that you found difficult? Wij ademen informatiebeveiliging geeft Danielle aan, toch zal je altijd zien dat er soms net een bepaalde control wordt behandeld waar je wellicht iets minder aandacht aan hebt besteed. Mocht jij tijdens een audit hetzelfde hebben of wellicht een vraag niet kunt beantwoorden? Dan geeft Danielle als tip, wees hier altijd eerlijk en duidelijk over en verzin geen antwoord. Bedenk dat je de audit voor jouw bedrijf doet en niet voor de auditor.
When you talk about certification and about an ISMS, it's an ongoing process and a way of working in your organization. It has to be in the DNA of your company.
Do you have more tips for preparing for the audit?
What's important is that you don't think, I'm going to get started with my audit, but work on your management system as part of your business process throughout the year. Danielle sees a lot in practice that companies really do it before the audit and therefore have to register or implement things at the last minute. When you talk about certification and an ISMS, this is a continuous process and a way of working in your organization. It has to be in the DNA of your company.
Of course, it might remain exciting, so make sure that you don't go out of your way to be the auditor. And keep in mind that it is for your organization. If you work on your ISMS throughout the year and continuously work with it and on it, then you will no longer see it as annoying. And you will find that it helps your business further, gives insights and able to improve your organization and services! So... change your mindset and stop worrying about the audit! Just get started.
Tips from Danielle de Vaal for your audit in a row
Be honest, state if you don't know the answer to a question.
You are conducting an audit for your organization, not for the auditor!
Work on your management system throughout the year and don't just 'get started on the audit'.
Change your mindset and have confidence!
Contact Protify for advice to prepare for your certification or audit.
Want more tips or advice on ISO 27001 certification or parts of it? This year Protify has again successfully completed the audit and next year the triennial recertification will take place again for ISO 27001. Do you want to get ISO 27001 certified or do you want to go through a preparation rehearsal to prepare for your audit? Danielle and her colleagues are happy to give you advice and tips, contact us to see which service suits you best.