Solteq Plc celebrates a significant achievement as ISO/IEC 27001 certification was issued to the company’s group-level IT services for the second time on December 5, 2022. The scope of the certification covered the development, operation, and maintenance of group-level IT services across all Solteq locations. The certification is valid for the next three years, and compliance with the certification requirements is audited annually. The certification was conducted by KPMG IT Certification Ltd.
ISO/IEC 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS), a set of policies, procedures, processes, and systems for managing information security risks, such as cyber-attacks, hacks, data leaks, or theft. Certifying to ISO/IEC 27001 demonstrates that an organization has defined and adopted best-practice information security processes.
“The ISO 27001 certification demonstrates to our customers and business partners the comprehensive security practices taken to protect their operations. The magnitude of cyber security threats is on the rise, resulting in severe financial and reputational risks for businesses worldwide. Information security is a continuous area of development, and we are committed to staying ahead of the curve,” concludes Perttu Kulmala, Director of IT at Solteq.
The certified Information Security Management System enhances:
Security practices and controls: Certification to ISO/IEC 27001 involves undertaking regular reviews and internal audits of the ISMS to ensure its continuous improvement. In addition, an external auditor will review the ISMS at specific intervals to establish whether the controls are working as intended. This independent assessment provides an expert opinion on whether the ISMS is functioning properly and provides the level of security needed to protect information throughout the organization.
Risk management: A standardized Information Security Management System aims to prevent major risks, such as financial losses, fines, and damage to reputation.
Compliance with business, legal, contractual, and regulatory requirements: The standard is designed to ensure the selection of efficient security controls that help to protect information in line with increasingly rigid regulatory requirements such as the EU’s General Data Protection Regulation (GDPR).
Customer confidence: ISO/IEC 27001 certification demonstrates world-class security practices, thereby improving working relationships with existing clients and giving a competitive edge in acquiring new business.