ISO 27001 certification: how we got there

Monday, October 10, 2022
Koen Verschooten
Operations manager
Egwin Avau
Founder & CEO

Back in 2021 we embarked on a mission together with PwC Belgium to make a thorough assessment of our data security practices compared to the ISO 27001 norm. What followed was a journey that led us to official ISO certification in July 2022. This article will highlight how we got there and what this certification means for our daily operations, our product portfolio, our clients and our whole team.

What is ISO 27001?

ISO/IEC 27001 is an international standard on how to manage information security, providing requirements for an information security management system (ISMS). This enables organizations to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

Why ISO 27001?

We’ve been doing a balancing act for many years:

On the one hand: we love - and we need - to work in a fast-paced manner 

On the other hand: we cherish quality, including the information security aspects

Mature software products come with the assurance that data will be dealt with in a correct manner, both from an operational and a technical point of view. With the ISO 27001 certification in hand we’re formalizing our high security standards across our product portfolio. Nothing we build will be shipped without our information security management system principles applied.

The certificate supports both our internal (employees and contractors) and external operations (clients, candidates, authorities and more).

The road towards ISO 27001 certification
  1. Defining the approach

We had been discussing the need for a certification for a while since security was becoming a recurring topic for our products. To streamline the process of implementing the ISMS, we got in touch with PwC for support. PwC has assisted us in the preparation of documents and guided us through the list of requirements and standards.

  2. Building an ISMS

The way we work is constantly changing but an ISMS that defines a policy and system is crucial. The current building blocks of our ISMS can be summarized as follows:



  3. Time for audit

To officially obtain the ISO 27001 certification, we had to pass a series of audits, which in our case happened in three stages:

  4. Continuous improvement

Continuous improvement is in our DNA. The ISMS is no different for us. In the coming years, we’ll continue to build upon the foundations we have built in the past year in order to refine our information security processes as a team.

What’s next?

We see this certification as a stepping stone towards new and larger scale partnerships and responsibilities. We come with all the benefits of a young and ambitious team, and we have the solid backing of our ISO 27001 certificate to demonstrate the same security assurances as the biggest players in our industry. “Move fast and break things” doesn’t apply to us. We move fast and deliver quality at the highest security standards.

We are so incredibly ready for what the future holds!
