IAM specialist TrustBuilder has recently been awarded the ISO27001 certificate. The certification confirms the importance that TrustBuilder has attached to information security since its inception. For TrustBuilder customers, it is proof that one of their business-critical partners conforms to ISO27001.
“Many of the best practices that ISO27001 requires were already implemented at TrustBuilder,” says TrustBuilder COO Kris Van Opstaele, who oversaw the certification together with external advisor Toreon. “Many of our customers work in a regulated environment or in industries that manage a lot of sensitive data, and where the appetite for risk is low. Our customers hold financial information, HR information or other personal information. TrustBuilder helps these companies protect their data. It’s only logical that we have always placed the highest value on information security management. As we are migrating the delivery of our IAM solution to the cloud, conforming to ISO27001 becomes even more important.”
ISO27001 is the worldwide standard for information security. Implementing an information security management system (ISMS) is the basis for obtaining the certificate. The ISMS is a system of processes, documents, technology and people that helps to manage, monitor, audit and improve an organization’s information security.
“With ISO27001, we can guarantee our customers that every aspect of what we do is steeped in information security,” said Kris Van Opstaele. “In turn, this helps our customers prove to regulators that a critical business partner like TrustBuilder is going to great lengths to mitigate risk.” This applies not only to the IAM solutions we build, but also to the implementation and professional services we deliver to our customers. “Information security is inherent in everything we do, from setting requirements and technically designing a feature or product through to testing and implementing our solutions. Before we start a professional services engagement, we thoroughly document all security requirements, giving our customers peace of mind.”
Implementing ISO27001 is no simple task, and the process involved all departments of TrustBuilder, including Sales, Marketing and Procurement. Because TrustBuilder has information security in its DNA, going through the process was more straightforward. “Secure development holds no secrets for us,” said Kris Van Opstaele, “so, for a lot of requirements, we just needed to tick the boxes.”
The current ISO27001 certification is valid until 2024, but is audited on a yearly basis. “The scope of ISO27001 changes in parallel with the security and cyberthreat evolutions, so we monitor all requirements and our compliance on an ongoing basis,” said Kris Van Opstaele.