For a number of years now, IT security has been a major consideration for companies. The regulation of risk management is becoming increasingly strict, and in order to meet the growing demands of clients, the implementation of an information security management system is seen as an increasingly convincing initiative..
The ISO 27001 standard sets out best practice guidelines for information security systems and is awarded in recognition of work carried out on this information security management system.
The type of ISO certification was selected by Codasystem, whose IT teams are based at the Technoport d’Esch-sur-Alzette in Luxemburg.
Codasystem is involved in creating original digital photographs that cannot be edited, and which are stored in secure systems that guarantee their integrity.
What this means is that Codasystem can provide its clients with the means to take photographs using a Smartphone, and then give invest them with evidentiary value so that they are effective against third parties.
The hardware and software together form a seamless, legal solution which certifies the item, the date on which it was created and its location. In order to do this, each stage of the process is managed - from the creation of the item, through to its archiving, via its distribution to the final recipient.
Codasystem therefore acts as a trusted third party with respect to its professional clients.
It was the niche nature of its business, together with the stakes involved in securing the information being processed that led Codasystem to set about getting ISO/IEC 27001 certification.
The company successfully passed the final audit in May and the certificate arrived a little later. If this process was a success, it is due to the method being easily adaptable to the specific context of a start-up company. The documentary structure was reduced, the number of processes to be audited was limited and staff were made aware of their responsibilities at all stages of the process.
The initiative was also made easier by the management team being very involved on a daily basis in the deployment of the system and by the project team always favouring simple and pragmatic solutions for winning the staff over.
The whole process, from the project launch to the final audit, involved 18 months of work. And when we take stock of the situation, it's worth noting several observations. Although investment was important for Codasystem, it was the management’s involvement, the way the project was staggered out over time and the involvement of all the staff which made it possible to keep clients satisfied and carry on with the management of day-to-day business.
The company has benefited from the exercise, and now enjoys better control over its processes, improved risk management and a more proactive approach to incidents. It can also continuously monitor key indicators for the information system. All this, in addition to the certificate itself, serve to improve and promote the company's security, as well as the confidence of its clients.
"Getting this certificate was a very important step for Codasystem", says Frédéric Levaux, the company's CEO. "Given the innovative nature of what we do and the small size of our company, our clients might have asked questions about the reliability of our processes. But now ISO certification provides our clients with a recognised guarantee that the work we do is of a high quality, and that our processes are trustworthy."
It is worth pointing out that Codasystem is the first privately owned company in Luxembourg to be awarded ISO/IEC 27001 certification, and one of the first innovative start-up companies to take advantage of this certification for its information system security processes.
