ISO 27001 – how to manage information security wisely

High level of Primesoft Poland services confirmed by ISO certification

We talked to Dariusz Jarczynski, Member of the Board, Operations Director and Information Security Officer of Primesoft Poland, about secure information management.

Few companies can boast being ISO 27001 certified. What is this certificate?

Certification to the international ISO 27001 standard covers the information security management system. This standard imposes a number of requirements on the organization to ensure the security of the data it processes. Due to the restrictive guidelines of the standard, few companies opt for certification in this area. 

The certification covered the entire organization, with a particular focus on processes related to the company’s core business of designing, manufacturing, implementing and maintaining software dedicated to electronic information flow. 

For our customers, protecting information is a high priority. The certificate we obtained confirms that, as a processor of our customers’ data, we take care to maintain the highest security standards in terms of availability, confidentiality and integrity of information. 

What has the implementation of an information security management system changed in the operation of the company?

The implementation of an ISMS in an organization is related to the ordering of internal security procedures and policies. The standard’s guidelines require the organization to have a systematic safety management system. The foundation of an ISO 27001-compliant ISMS is the process of analyzing and assessing risks associated with potential threats. In addition, as part of the established ISMS, it is necessary to build employee awareness, create system documentation, and carry out cyclical activities related to evaluating the effectiveness of the system and planning to deal with risks.

How does getting certified affect the relationship with your customers or potential customers? How does the certificate translate into the quality of the products offered and services provided?

The certificate obtained is an independent confirmation of our organization’s level of maturity in data security. This is a very important element in assessing the credibility of the company by our partners and customers. Many times we even encounter a requirement to have this type of confirmation as part of conducted security surveys.

ISO 27001 certification is another step in the company’s development by improving the quality of our services, ensuring the professionalization of our operations, and ensuring that we maintain the highest level of security for the solutions we provide to our customers.

What challenges have you encountered in implementing an ISMS?

The implementation of the project required developing and documenting the organization’s existing safety policies, building staff awareness and ensuring that the established rules are applied in daily operations. Preparing for certification involved a great deal of commitment from the entire team while carrying out ongoing projects and ensuring a standard level of service.

What certification body did you cooperate with during the project?

The certification audit was conducted by an independent certification body, TÜV NORD CERT GmbH, operating based on accreditation by the German DAkkS. The main criterion for selecting a certifying body was its credibility, reliability and recognized brand.

What’s next?

The implementation of the ISMS system and its certification is the next step in raising information security standards in our company. In accordance with ISO 27001 guidelines, our goals are aimed at improving and enhancing the effectiveness of the system.

This is an important event in the history of our company. It confirms our competence in providing information security. I am proud of our entire team, as we successfully passed the certification, thus achieving the set goal.