ISO 27001 is an international standard that helps organizations manage the security of their information assets. It provides a management framework for implementing an ISMS (information security management system) to ensure the confidentiality, integrity, and availability of all corporate data such as financial information, intellectual property, employee details, or information managed by third parties. By certifying to ISO 27001, BCB Medical can demonstrate that it has defined and put in place best-practice information security processes and taken the necessary steps to protect the business.
Certification is not mandatory. Not all organizations choose to get certified, and some simply use ISO 27001 as a framework for best practices. As BCB Medical had already been operating according to the management framework on a long-term basis, the decision to apply for certification was a natural step in the process.
“BCB Medical has worked for a long time already fulfilling, and many times even exceeding, the requirements of ISO 27001. We have always been committed to handling both customers' and our own assets by following legal requirements, strict guidelines and industry best practices in our daily work. We wanted to get official recognition for this longstanding work, and after audits we were directly successfully certified by ISO 27001”, says Mika Vuokko, CIO of BCB Medical.
The standard helps the company to become more productive and builds customer trust
Ensuring information security and finding new ways to protect against cyber-attacks are important factors for business success. With ISO 27001 certification, BCB Medical has the tools and necessary methods at its disposal to defend itself against all threats.
“Thanks to the proactive and determined work of our IT and Engineering teams we have established the standards of practice in our company and ensured that they are implemented in our daily routines”, emphasizes Mika Vuokko.
As the company grows and is increasingly oriented toward international markets, the ISO 27001 certification is seen as important for increasing customer, partner, and end-user confidence in BCB Medical. With the certification, BCB Medical can demonstrate that the requirements of the standard are being met and reassure stakeholders that all data is protected. The ISO 27001 standard helps businesses become more productive by clearly setting out information risk responsibilities, appropriate policies, and controls. “It is expected to reduce the number of detailed information security and data protection questions received from customers”, says Mika Vuokko.
An auditable international standard that defines the requirements of an information security management system
ISO 27001 is the international standard that defines the requirements of an information security management system (ISMS). The ISO 27001 standard sets more than one hundred requirements for a comprehensive information security management system. The requirements apply to the secure management and processing of data, as well as to security risk monitoring, management measures, supplier relations, and personnel safety.
The comprehensive audit process examined the security of customer SaaS environments, existing practices in product development and environments, financial data, intellectual property, HR processes and personnel, management commitment to information security work, and more. The audit process was carried out by BM Certification, and as a result BCB Medical was ISO 27001 certified without non-conformities.
“I am very pleased with the professional work of everyone on our staff who put their effort into achieving this. Our management team fully supports ISO 27001, and we will invest even more in the security of our products and environments. We will always maintain a proactive security mindset when developing and offering our products to our customers”, says Petteri Viljanen, CEO of BCB Medical.