Fastroi has been ISO 27001 certified
It’s official! We are very proud to announce that Fastroi Oy is now ISO 27001:2013 certified and we received the standard certificate on 18th November 2019! This means that Fastroi Oy now complies with the international standard in information security.
What does this mean for our customers and partners?
We want to give our software users all over the world the assurance that their data is securely handled and stored. Information security and privacy are the most important things to us: they have always been among our top priorities, both in our operations and in the design of our products. Now we are able to confirm this to you by having obtained the official ISO 27001 certification. By obtaining the certificate, Fastroi Oy has proved its compliance with a recognised international security standard.
What does the certification mean and what is ISO 27001?
The International Organization for Standardization (ISO) is a global body that collects and manages various standards for different fields and disciplines. In today’s world, with so many industries now reliant upon the internet and digital networks, more and more emphasis is being placed on the technology portions of ISO standards.
In particular, the ISO 27001 standard identifies over 100 requirements for a comprehensive Information Security Management System (ISMS), and defines how organisations should manage and handle information in a secure manner, including having appropriate security controls. The standard is designed to function as a framework for the organisation’s ISMS. This includes all policies and processes relevant to how data is controlled and used. The ISO 27001 standard is not an IT system, and it does not mandate the use of specific tools, solutions, or methods, but instead functions as a compliance checklist. The standard takes into account all of the operations of a company including areas that many other information security standards overlook, such as Human Resource Security, communications and supplier relationships, to name a few.
How did the journey of ISO 27001 happen?
We at Fastroi started our comprehensive data protection and privacy work during 2017. We formed an Information Security and Privacy Team, an inter-team task force, which consists of the Company’s Data Protection Officer, the Information Security Officer, Product Managers and other Company staff.
While going further on the data privacy journey, we formed a broader perspective of the information privacy and security fields and came to realise that, to apply the best practices in both, we needed to adopt a precise information security and privacy framework. It is highly important in today's world that companies of all sizes recognise the importance of cyber security, but simply setting up an IT security group or obtaining an IT system was, in our opinion, not enough to ensure the best possible data security. This is why, after some consideration, we chose the ISO 27001 Standard. It was also a natural choice for us, since we had already obtained the ISO 9001 Quality Management System and ISO 14001 Environmental Management System Standards.
After selecting the ISO 27001 standard, during 2018 we implemented the Fastroi Information Security Management System according to the Standard's requirements. In practice, this meant that to achieve compliance we had to be compliant with the 114 risk management controls in the Standard. This meant writing and implementing an extensive set of policies and procedures, a lot of staff training, both for all staff and for specific teams, setting up physical security controls, and reviewing and verifying network access measures, passwords, cryptographic controls and so on. As a very comprehensive approach to information security management, ISO 27001 Standard compliance was quite an undertaking for us, but by keeping the goal of achieving the best possible information security level in mind, we were able to progress on our journey, along with the never-ending support of Fastroi Senior Management.
The compliance evaluations started in the spring of 2019, when we performed a complete internal audit of our organisation. Following our thorough internal audit, we started the external auditing process in May 2019. The external audits, which took place in two stages, were performed by the accredited international certification body DNV GL.
The external audit for the initial certification took place in two separate stages, which together provided a very comprehensive cross-section of the entire Company. In the first stage, the audit focused on Fastroi's ISMS, and in the second stage it looked particularly at Company operations and the products and services we offer.
What now? – Life after the certification
By obtaining the ISO 27001:2013 certification, we at Fastroi are validating our ongoing commitment to security practices and risk management. By benchmarking our policies and procedures against this internationally recognised Information Security Standard, our Clients can be assured of the resilience and data protection we can offer.
Earning the official ISO 27001 certificate is only the first step of the journey for us. Even though we have now achieved the Standard, the work of maintaining the best possible security and privacy of data never stops. From the audits, both internal and external, we received a lot of valuable feedback, and since continuous improvement is both a requirement of the Standard and our own ambition, we will be able to improve our Information Security and Privacy Management even further.