Smooth, robust certification process with Sensus BPM Online
Sensus has been issued an ISO 27001 certificate for its process management. ‘This shows that Sensus takes the security of customer data very seriously and that we, as an organisation, have put a lot of thought into the design of our security cycle,’ says Monique van Dodewaard, who has been there from the start of the certification process. This is important news for current and new customers of Sensus, who are increasingly demanding that their collaboration partners effectively manage information security risks in accordance with ISO 27001 standards. Sensus prepared the path to the external audit using its proprietary software, which proved very suitable for this task. And that is good news too.
Nowhere is it as important to have the right measures in place to protect customer data as with a software company like Sensus. With us, security has always been of paramount importance. With ISO 27001, security means much more than cybersecurity alone: it encompasses the design of IT information security and extends to aspects like ensuring that customer information and print documents are securely filed in a locked cabinet and employing a clean desk policy, for example. It also covers screening employees and partners and protecting their personal data. In other words, the standard requires that you employ an Information Security Management System across all processes.
At Sensus, Monique van Dodewaard specialises in process management aimed at achieving certification. Even with her extensive experience in this area, this particular project was not an easy one for her. ‘Until now, I had never had to deal with certification in the area of information security. As a software company, we need to take many additional measures to ensure security. For customers, on the other hand, this is usually ISO 9001, a completely different certificate covering a completely different area.’
Where information security is concerned, the impact is usually significant. In the media, you can read almost daily about hacks, data breaches and cyberattacks. In spring 2020, companies using a Citrix environment to work and share information securely within the organisation were potentially compromised. A security vulnerability forced Amsterdam Airport Schiphol, the Dutch House of Representatives and several Dutch ministries to take their Citrix servers offline. And the University of Maastricht fell victim to a ransomware attack that kept hundreds of students from accessing the university’s systems.
In the run-up to the external audit, Monique van Dodewaard interviewed numerous Sensus employees. ‘You generally don’t expect to be greeted with great enthusiasm: ISO certification is often seen as a necessary evil. I was surprised, however, by the effort and commitment of our people. We should be proud of that. It shows that everyone in our company is fully aware of the importance of information security. So all credit to our team, also for the way they have set up security.’
Sensus BPM Online, an ideal certification tool
‘Whichever ISO standard you want to meet, you always have to describe your processes first and show how these work. This preparation process produces findings, which you then follow up with actions, meaning you are right away engaged in quality management and continuous improvement. You need to set up a management system with a ‘plan–do–check–act’ cycle. And you need to carry out an annual risk assessment, continuously check whether your information management system meets your own standards, and comply with and embed your measures. We have linked the standards of ISO 27001 and the associated risks and risk management measures in our system. Because you can now clearly see which standards and management measures cover which processes, risks can be effectively managed.’
‘A lot of customers are currently working towards getting their ISO certification. Sensus BPM Online has proven to be an ideal tool for this. Thanks to Sensus BPM Online, our own certification process was a well-organised project. Aside from the actual certificate, it also provided a well-functioning quality system that ensures that we handle customer data securely.’