Sii, one of the fastest growing IT and industrial engineering companies in Poland, has introduced ISO 27001. – Obtaining the certificate confirms the accordance with the best global practices and because of that our clients can be certain that we provide services at the highest level – says Katarzyna Stromecka, Business Processes & Quality Director at Sii.
ISO 27001 is an international standard created to manage information security. Introducing it in an organization helps to ensure data protection and minimalize the possibility of unauthorized access. According to ISO 27001, information security is ensured through introducing a protection system, involving such areas as: processes, procedures, the organizational structure as well as software and hardware functions. – Data security is our priority on every step of project execution. We ensure that the information we hold is protected against inappropriate disclosure and provide access only to authorized persons – says Gregoire Nitot, CEO and founder of Sii Poland.
For Sii, an IT and engineering services leader, introducing ISO 27001 is highly beneficial. – Obtaining the certificate confirms the accordance with the best global practices and because of that our clients are certain that we provide services at the highest level – says Katarzyna Stromecka, Business Processes & Quality Director at Sii. – A certified system expands the catalogue of factors, which are crucial to Sii being chosen as the preferred supplier. Moreover, the certificate will allow us to participate in formal procurement procedures, dedicated only to its holders – she explains.
What is more, the Information Security Management System provides tools for identifying threats and introducing proper protection, allows to manage security and eliminate the risk of breach. For Sii, which pursues projects within the scope of software development, product engineering, service desk, testing, IT infrastructure and training, the highest security standards are a priority.
Although the processes, which were in place previously, provided proper information security, the entire security policy underwent an audit for the purpose of adjusting it to the newest standards. – For the purpose of the certification process we had to make an inventory of the procedures which have already existed, but didn’t form a coherent system, as well as identify the missing elements required by the ISO 27001 standard. We have introduced the necessary precautions and trained our workers according to the new procedures. Implementation of the new rules into practice was verified by a number of audits; firstly internal and then certified audits executed by an accredited entity – says Stromecka.
Sii does not plan to settle only for implementation and certification. The Information Security Management System requires constant maintenance and improvement. Moreover, corrective and preventive actions must be taken and the risk must be constantly identified and monitored.