Published on 13.01.2020
Ever since we started our business, information security has been one of anynines’ main concerns, if not the most essential concern of all.
With the ISO/IEC 27001 certification, we now finally hold confirmation from a globally acknowledged independent inspection institute that we fulfill all the requirements of information security for international business.
Learn what ISO/IEC 27001 really is, why we applied for it, which challenges we faced and what benefits the certificate provides.
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have developed ISO/IEC 27001, a standard for the information security of enterprises.
The international standard ISO/IEC 27001 governs information security in private, public or non-profit organizations. It describes the requirements for the deployment, realization, operation and optimization of documented management systems for information security.
An Information Security Management System (ISMS) is a systematic model for the introduction, realization, operation, monitoring, maintenance and optimization of information security within the organization. Hence, it greatly benefits our business objective of providing a safe environment for our clients.
anynines is a digital transformation company focused on building, automating and operating modern application developer platforms.
In times of digitalization, we have to meet high information security standards in order to ensure safe and successful work.
The digital transformation of business and the economy is constantly progressing. This brings both advantages and risks. Our objective of supporting and guiding our clients through this process in the best possible way requires more than the production and provisioning of high-quality software.
It also requires the reduction and minimization of risks through certified security of internal processes, providing safe and confident use of any information entrusted to us.
Our clients’ trust, and in consequence our business success, rest on our recognition that information security plays a key role in fulfilling our tasks. Almost all important strategic and operative functions and tasks are essentially supported by software and IT systems.
With the security of our own knowledge in mind and, what is more, the security of our clients’ data, we want to be prepared even for the worst case. A failure of IT systems must therefore be compensated for at short notice, if not immediately. Our business must be kept running even in sub-sectors.
With our core competence in the development of innovative products as well as the maintenance of and consulting on comprehensive platform solutions, our knowledge, as well as all information and data entrusted to us, must be protected safely from unauthorized access or manipulation.
From the very beginning, the greatest challenge was the provisioning of internal resources to implement, control and run the Information Security Management System (ISMS) within our organization in order to meet our information security objectives and to protect our business values.
The definition and consideration of business objectives and company assets are always the first major steps in implementing an ISMS. Here, the ability to define the most important and essential aspects is necessary in order to identify potential risks and find solutions to protect our assets and values against them.
Hence, risk analysis and management form an essential part of the entire management system and can only be performed properly with an appropriate awareness of those values and assets.
In addition, recording and documenting processes posed a real challenge for us in terms of time. Nevertheless, we were able to implement the ISMS within less than 18 months and even reached certification maturity within that short amount of time.
During the implementation of the management system and the creation of appropriate documentation, our employees faced the challenge of finding the time to be trained. The training was needed to ensure a common level of awareness, to create or improve common rules for documentation, to optimize processes and to ensure strict compliance with continuously developing information security guidelines.
By means of a strict and well-organized training schedule, we also overcame this obstacle and finally achieved a common level of knowledge concerning information security for all employees.
Risk analysis and the detailed consideration of processes and procedures concerning vulnerabilities are essential elements of the ISO/IEC 27001 standard, both in the daily process of product development and in collaboration with our clients.
For our international clients, and in line with our own aspirations, data exchange requires a well-structured process definition.
While establishing this standard, we practiced working out optimization options using the plan-do-check-act (PDCA) cycle.
Moreover, we gained both a deeper understanding of how to optimize process definitions and procedures and a greater awareness of possible risks and how to minimize or even eliminate them.
The most substantial and ubiquitous aspect during the establishment of the management system is ensuring confidentiality, availability and integrity.
As they form fundamental aspects of anynines’ company values, they are of crucial interest in risk analysis and must be ensured at all times.
The continuous improvement process with Kanban, which anynines had already introduced years ago, helped us to recognize and understand the need for means to identify poorly defined processes and eliminate risks and vulnerabilities.
Confidentiality, availability and integrity form a significant proportion of our business values and company assets at anynines, and their protection is one of the most essential reasons for the trust, confidence and loyalty we have gained from our customers over the years.
The successful certification of the ISMS according to the ISO/IEC 27001 standard by TÜV Süd provides reliable confirmation of our company’s ability to create complex management systems at short notice. At the same time, we maintain excellent product quality and meet the demands and expectations of our international clients.