elfGROUP’s all operations have been certified according to the internationally recognised information security management system standard ISO 27001. Bureau Veritas has audited our operations and granted us the certification on July 3rd, 2019. We announced our ISO 9001 news this April, and now our certification portfolio includes also the information security management certification.
The certification audit was a thorough process for the whole company. The audit was carried out for both the ISO 9001 quality management system and the ISO 27001 information security management system at the same time.
Persistent work to achieve the certifications
For several years now, we’ve carried out internal development activities with process and quality control improvements, as well as creating an operational handbook that documents and aligns all elfGROUP’s practices. Developing and implementing work instructions, policies and guidelines to standardize our internal procedures and our way of fulfilling different assignments has formed a big part of the development work that our COO Katja Tonteri has lead. Throughout the years it has been important and rewarding to see these policies come alive and become an integral part of our daily work.
The ISO standard conformity has required a lot of documenting of our procedures and events. Also many of the already existing administrative and technical information security practices we had to put in writing and ensure that the defined way is consistently practised. We have experienced this development as a positive improvement – although documentation and all this formality brings along some extra work, it’s definitely worth the effort. For example, defining and actually following your risk management process, or specifying organizational roles, are often easily left undone in a small company. However, according to my experience with elfGROUP’s small organization of 15 people, such standards driven management system is a solid foundation for developing the company and the business. The standardized framework is very comprehensive and is well suited to many different industries.
For sure, the audit wasn’t just a documentation exercise. elfGROUP’s chief information security officer and senior cyber security specialist Markus Hamara and IT manager Edward Shornock got to, amongst other things, showcase our readiness for a disaster recovery of critical IT systems in a simulated situationwhere the primary data center would not be available at all.
This development work hasn’t been done in isolation, although information security work is often surrounded by a veil of secrecy. Already for a long time we have worked in cooperation with Oulu Business Networks’ (OBN) quality, process and business development specialists. Also, the cooperation with Bureau Veritas during the audit process was very fluent. I’d like to take this opportunity to thank all our cooperation partners who have supported us and especially elfGROUP’s personnel for their continued commitment in the quality and information security focused operations in our everyday work.
We have already received positive feedback from few of our customers concerning the certification news. The certifications build up credibility in our operations and in the confidentiality statements we provide our customers with. I believe that all the experience and know-how accumulated from this development work will contribute to our cyber security excellence and will directly benefit also our customers.