Freshheads ISO-certified!

Around May of last year, I started as a Security Officer at Freshheads with the task of further professionalizing our information security. Something I wholeheartedly agreed to at the time. Because with my background as a programmer, I already knew a thing or two about it. And how hard can it be, such an ISO certification? Lesson for next time: think it over before you say “yes”. Because before I knew it, I found myself in a world of management systems, risk analyses, standards, and policies.

Okay, but what does such an ISO certification actually entail? You should see it as a working method and a large set of “standards” around information security that your organization must comply with. This includes thinking about screening employees, making backups, or handling passwords. It really affects a lot, even things I had never really considered. For example, synchronizing and documenting all the clocks of our information-processing systems to ensure data integrity.

What you ultimately prove with this ISO certification is that your organization has a system in place where you take certain measures based on risks, check their effectiveness, and have a procedure to continuously improve. All to guarantee the availability, integrity, and confidentiality of information. Wow, I notice I'm really going off on a tangent and getting lengthy, so let's quickly move on to what this means for us and our customers.

We find it important to handle all personal and confidential customer information with care. Because the last thing we want is for something to happen that puts customers or end-users in an uncomfortable situation. Now that an independent party has determined that we have our information security in order, we can go to bed with peace of mind. And our customers can also trust that we do everything we can to protect all that valuable information. Win-win!