We value your privacy. We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Read our Privacy Policy for more information.
back arrow icon

Our journey towards ISO27001 certification

Monday, October 10, 2022
Koen Verschooten
Operations manager
Egwin Avau
Founder & CEO

Back in 2021 we embarked on a mission together with PwC Belgium to make a thorough assessment of our data security practices compared to the ISO 27001 norm. What followed was a journey that led us to official ISO certification in July 2022. This article will highlight how we got there and what this certification means for our daily operations, our product portfolio, our clients and our whole team.

What is ISO 27001?

ISO/IEC 27001 is an international standard on how to manage information security, providing requirements for an information security management system (ISMS). This enables organizations to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

Why ISO 27001?

We’ve been doing a balancing act for many years:

On the one hand: we love - and we need - to work in a fast-paced manner 

On the other hand: we cherish quality, including the information security aspects

Mature software products come with the assurance that data will be dealt with in a correct manner; both from an operational and technical point of view. With the ISO 27001 certification in hand we’re formalizing our high security standards across our product portfolio. Nothing we build will be shipped without our information security management system principles applied.

The certificate supports both our internal (employees and contractors) and external operations (clients, candidates, authorities and more).

The road towards ISO 27001 certification

  1. Defining the approach

We had been discussing the need for a certification for a while since security was becoming a recurring topic for our products. To streamline the process of implementing the ISMS, we got in touch with PwC for support. PwC has assisted us in the preparation of documents and guided us through the list of requirements and standards.

  1. Building an ISMS

The way we work is constantly changing but an ISMS that defines a policy and system is crucial. The current building blocks of our ISMS can be summarized as follows:


  • ISMS policy: defining the scope of the ISMS and context of our organization
  • Internal security policy, the heart of the ISMS, covering among others:
  • Passwords and devices
  • Incidents
  • Data protection and classification
  • Secure development
  • Physical location security
  • Organizational security
  • Internal audit policy: a half-yearly internal audit and yearly external audit 
  • Performance evaluation process: measurements on how well our ISMS is operating


  • Procedures: we don’t rely on extensive documentation, but prefer well defined checklists that we organize in our kanban boards that embody our information security principles. For example: product initiation, onboarding and offboarding procedures, (technical) audit of our product portfolio, default meeting agendas,...
  • Continuous improvement: as processes and standards evolve, we’ll make sure our ISMS will keep maturing as well.
  1. Time for audit

To officially obtain the official ISO 27001 certification, we had to pass a series of audits, which in our case happened in three stages:

  • Internal audit: internal checks and balances to ensure we do as we write.
  • Stage 1 audit: Preparation audit to verify if we were ready for the 2nd stage audit based on the documentation we had in place.
  • Stage 2 audit - certification: the last step was the final audit during which employees were interviewed and policies were thoroughly examined. We passed the final audit and received the certificate from DQS.
  1. Continuous improvement

Continuous improvement is in our DNA. The ISMS is no different for us. In the coming years, we’ll continue to build upon the foundations we have built in the past year in order to refine our information security processes as a team.

What’s next?

We see this certification will serve as a stepping stone towards new and larger scale partnerships and responsibilities. We come with all the benefits of a young and ambitious team, and we have the solid backing of our ISO 27001 certificate to demonstrate the same security assurances as the biggest players in our industry. “Move fast and break things” doesn’t apply to us. We move fast and deliver quality at the highest security standards.

We are so incredibly ready for what the future holds!

Let's build!

Are you looking for an entrepreneurial digital partner?
Reach out to hello@panenco.com or schedule a call

Egwin Avau
Founding CEO
Koen Verschooten
Operations manager

Subscribe to our newsletter

Quarterly hand-picked company updates
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.