
Textkernel has dramatically bolstered its security credentials by passing a stringent security audit and obtaining ISO 27001 certification. For the vast majority of our customers, data security and privacy are of extremely high importance, and no company will compromise on them. While Textkernel has always placed a strong emphasis on the privacy and security of our data, this new achievement means that we commit to maintaining this high level of data security as a matter of standard practice moving forward.
We took time to sit down with Textkernel’s Information Security Officer, Johan van der Zel, and the Chief Technology Officer, Maciej Hoch, to discuss what the standard is and why this is such an important milestone for the company. Get the highlights in the 3-minute video below, or read on for a more detailed overview:
Some background
ISO 27001 is a standard published by the International Organization for Standardization that defines the requirements for an effective information security management system. It provides companies with a framework for assessing compliance with a high level of data security and privacy.
“At Textkernel we realise how valuable the data is that we process for our customers, so we really want to make sure we secure it in the best way possible.” – Johan van der Zel, Information Security Officer, Textkernel
Why aim for higher security certification now?
According to Maciej Hoch, CTO at Textkernel, the ISO project started from two angles. “One is the fact that we are working with an increasing number of big customers and this type of customer only wants to work with organisations that can be trusted. And, the way to earn the trust of these organisations is by showing them an independent audit proving that you as a company comply with certain security standards.” Maciej continues: “The second angle is that we as Textkernel feel responsible for our customers’ data and for security. Those two paths conform neatly into the ISO project and we have decided this is one of the most important initiatives for Textkernel to execute.”
ISO is not simply a once-off procedure where we prepare for an audit, pass and then get awarded a certificate. Rather, it requires us to implement continuous improvement of our procedures and consider security first and foremost before we implement any changes.
How Textkernel approached achieving certification
Achieving certification starts with the design of our systems. These go through a detailed review process before and during implementation to make sure security is the primary concern. “It requires effort from the entire organisation,” says Johan. “It’s not just one security team which is responsible for every process and procedure. Everyone from IT Operations through to office staff does their part, even if it’s simply keeping laptops locked while they’re out at lunch.”
Johan explains that ISO doesn’t just touch the infrastructure that hosts our services; it also includes company-wide processes and how we handle business continuity. “We have to look at current events happening in the world and ensure that we’re able to respond to any potential setbacks quickly and effectively.”
“Security incidents” aren’t just what we know from Hollywood
ISO goes well beyond the digital security of data. A personal example the auditor highlighted was that we needed to put the effort into analysing our cleaning company and assessing what risks, if any, they bring to our organisation through their access to our offices. That is, thankfully, a very easy control to conform to, explains Maciej. “The more complex fixes are around ensuring that our network is secured when we connect with third-party providers, backed by active monitoring and escalation procedures that allow us to respond to any potential incidents within a matter of minutes.