We have obtained our ISO 27001 certificate again! This time, not through an annual check-up but through two full audits. The first audit involved transitioning to the updated ISO 27001 standard. This was followed by a full recertification, which we passed with flying colors. We identified ten opportunities for improvement, had no minor non-conformities, and no critical non-conformities.
Phew, Yes, the Audit Went Well
A strict and fair approach is, in my opinion, the correct attitude for an auditor. However, this only holds if the auditor knows their subject matter and demonstrates associative ability in their questioning, which thankfully was the case for us this time around. And “phew” because it is habitual to tidy up a bit before an audit. The process is very familiar to me as I conducted audits based on the ISO 9001 standard in the distant past. It was an enjoyable task because it allowed me to get to know a company well. I saw many tidied-up places, but the real question was always, “What is it really about?” and “Is the intended and stated quality level achieved?”
Benefits of Certification
What I find particularly valuable about ISO 27001 certification is that it sets you on a path you might not have taken otherwise. The number of measures needed to keep data safe, integral, and available is significant. Once everything is arranged, it gives a feeling of security, though that remains a relative concept.
Data Security Measures
Penetration testing is a standard element in our range of security measures, and in this case, it was conducted by Laatjehacken. Additionally, we hire external professionals to assess all our measures through internal audits. This is deliberate. While we have data security expertise within our company, it is limited to a few colleagues. To avoid inspecting our own work, we use external specialists. This, like the certification audit itself, provides insights into improvement opportunities.
Open Audit Day in Papendrecht
Since we are in the midst of audits, we have also decided to make extra room for second-party auditing. We occasionally receive audit requests from customers in highly regulated environments, so we will host an Open Audit Day. On this day, a limited number of customers can visit our office simultaneously to perform an audit. It is a practical solution for us and an enjoyable one for our visitors: all parties learn from each other’s questions and observations. Meanwhile, we do our best to answer everything we can address.
Our upcoming Open Audit Day is fully booked, but we encourage you to express your interest in an (English) Open Audit Day at our office via info@manualmaster.com. We look forward to your visit and will work on the presented ISO 27001 improvement points in the meantime. After all, striving to become a bit better every day remains our goal.
By Fred Vahlkamp