ISO 27001: what does it mean?
ISO 27001 is a globally recognized standard for information security. Organizations must demonstrate their commitment to protecting confidential information to obtain this certification. This is ensured by working according to an extensive security program. In July 2022, Purple started the process of setting up an Information Security Management System (ISMS). This system diligently lays out how Purple handles confidential information. Our final goal? Achieving the ISO 27001 certification. And we succeeded!
People, process and technology: everything is covered
Our ISMS describes in great detail how we handle information and what we do to process and store it securely. During the process, we formalized and updated our policies, and rewrote and added the aspects required to comply. The strict standard is applied to all of our business processes: from cloud infrastructure and IT architecture to services and suppliers, as well as the data of our employees, the physical security of our offices, and our codes of conduct. People, process and technology: everything is covered within our approach to Information Security. To ensure continuous compliance with this policy, we spread awareness among our employees, perform yearly penetration tests, closely follow our annual planning and apply the PDCA (Plan-Do-Check-Act) cycle.
What does this mean for our customers?
The above sounds great, but what does this mean for our customers? Everyone knows that information security is an important topic within many companies. That is why we are happy to provide clarity to our customers on our information security and demonstrate that we handle data professionally. We simply meet a strict standard. For us, this certification is our ‘license to operate’: we can show that we have everything in order when it comes to information security. It proves our professionalism and commitment and brings our customers a certain peace of mind. They can rely on a partner who takes care of their information security in a way that meets the standards.
How did we experience this process?
Robert Jeninga, COO, and Paul Smit, Technical Consultant, contributed greatly to the development of the ISMS and the examinations needed to receive the ISO certification.
Robert: “We are incredibly proud to have obtained this certificate. The team has worked very hard to achieve it. It’s also great news for our customers, as it shows their confidential information is in good hands. With this certification, we demonstrate that we take information security seriously and that we are committed to maintaining the highest industry standards. For Purple as an organization, this is an important step in our maturity too. Where growth and development come together. We have developed, described, and implemented policies and felt that our foundations were solid. It’s great to see this confirmed. It was an intense period, and we will continue to optimize and develop in the coming years. I get a lot of energy and inspiration from the cooperation and involvement of the team to achieve the best possible results. It’s a great achievement, and I’m very proud of the team!”
Paul: “When it is your goal to professionalize and improve information security, many challenges will cross your path. Fortunately, these challenges have all turned out to be manageable. When you find out that the core values are supported by our entire team, this sparks intrinsic motivation. Setting up and getting the renewed structure in order certainly had some difficulties, but at the same time, this gave a huge boost to hold on and continue. I look back on a period full of ownership, new insights, humor, and maturity. Thanks to our whole team, we are now at the beginning of a very solid future.”
But that is not all! At Purple, we are actively looking for additional certifications, such as ISO 27016: information security for cloud services. We can always add and improve.