After an 18-month process, cybersecurity technology and services provider Nclose has received its ISO 27001 certification. This enables the company to demonstrate that it manages IT risk in accordance with best practices.
The achievement comes as part of Nclose’s bid to offer its customers greater reassurance of how seriously it takes risk and security management. The ISO 27001 certification qualifies that a business has all the necessary risk and security management procedures in place.
“The company decided to pursue this certification two years ago so as to demonstrate to the market that we are adhering to the required security processes within our own business, while helping customers secure their own,” explains Martin Potgieter, the co-founder and technical director of Nclose.
“The certification further confirms that the company is evaluating and keeping a record of risks that the business may face, while implementing the necessary controls in a sustainable manner so as to mitigate those risks,” he elaborates.
Potgieter continues that being able to demonstrate the ability to manage one’s risks has always been essential. However, taking care when making changes to one’s business processes, and the risks that it may introduce, has become more important in 2020.
“While Nclose began its journey to ISO 27001 certification before the pandemic struck, Covid-19 has certainly introduced a lot of change to organisations and their security requirements across the board, with remote working and a dispersed workforce being most evident. Pursuing this certification actually helped us more easily transition into operating mostly remotely, which is how we are working now,” he comments.
While security requirements remain the same whether one is working from a centralised office, or remotely, how these are implemented differs drastically. IT departments have a great deal more control ensuring that security requirements are being met in an office than they do when employees are working on their own notebooks or PCs at home.
Beyond being better prepared for the changes ushered in by the pandemic, obtaining the certification has additionally opened up further opportunities to Nclose, and enabled them to more confidently address customers’ questions and concerns.
Potgieter notes that there are two ways to obtaining ISO 27001 certification – the first is as a tick-box exercise, while the second is to view it as an exercise in implementing sustainable security procedures. Nclose has opted for the latter approach, and one that he encourages other small and medium businesses to adopt.
“Adhering to the ISO 27001 processes is not at odds with being a small, dynamic company. Nor does it have to be viewed as locking down the business or introducing a large amount of red tape. In fact, it can be applied without much disruption,” stresses Potgieter.
Explaining why he encourages other businesses to go the same route, he notes that increased trustworthiness is the biggest advantage, particularly for those companies providing cybersecurity products or services.
“Having this certification is a clear indication to your customers that you are practicing what you preach, and applying it in your own business,” he concludes.