ISO 27001 Certification: A Look Behind the Scenes of Our Project

In January 2024, we kicked off our ISO 27001 project. Our aim was to centrally bundle all security-relevant processes, guidelines and verification documents in order to create transparency - both internally and towards our customers and partners. At the same time, we wanted to prove that information security is not just a buzzword at AZOWO, but an integral part of our corporate culture.
Why ISO 27001 is essential for us
The ISO 27001 certification stands for an internationally recognized information security management system (ISMS) - and has long been seen as a minimum requirement in many tenders.
For our customers, the certification means a reliable level of security that is regularly checked by external audits. Instead of individual inquiries about IT security, they can rely on a documented, practised standard in future.
However, the benefits go far beyond mere verification:
Cost reduction: Standardized processes reduce the risk of security incidents and the associated costs.
Time saving: Infrastructures, suppliers and emergency management are checked - lengthy individual assessments are no longer necessary.
Ahead in terms of trust: Our customers know that their data is protected to the highest standards.
ISO 27001 not only saves time and money, but also creates the trust that every business relationship needs today.
The path to certification - and its hurdles
Originally scheduled to take six months, the project quickly developed into a company-wide challenge. In particular, the cross-departmental collection and structuring of all relevant information was much more time-consuming than expected - and demanded a lot from us in terms of organization.
The low point was reached when around 80% of the documentation had been completed, but there was no end in sight. But it was precisely at this point that a new drive emerged: the will to see it through. The subsequent test audit gave us back our confidence - our auditor certified that we were in an excellent position for initial certification.
The biggest challenge was not the technology - but finding and coordinating all the information.
In December 2024, the time had come: we passed the ISO 27001 certification with flying colors. We were delighted - and our project manager was relieved to no longer have to go around the company with "annoying questions".
Curious anecdotes included
Even though the project was demanding, there was no shortage of humor. Our auditor jokingly revealed that he wasn't allowed to eat gummy bears at home - especially not the red and green ones. Of course, we made sure we had two well-filled bowls - at the end of the audit, both were empty and our auditor was completely satisfied.
Another highlight: a game of hide-and-seek quickly developed in the office as soon as the word ISO was mentioned. Many a colleague disappeared conspicuously quickly into the coffee kitchen or was suddenly in meetings to avoid being involved in the next round of documentation.
As soon as I entered the room and said 'ISO', suddenly there was no one to be seen - I've never had so many transient colleagues.
Conclusion: More than just a certificate
The ISO 27001 certification was not a sure-fire success - but it was an investment that paid off. We have not only structured and improved our internal processes, but also created a solid foundation for future customer projects.
And one thing is certain: we will always have gummy bears in stock ;-)