Information and knowledge are among Halito!'s most important assets. That is why we attach so much importance to protecting them. Below you can read how far we go with an ISO 27001 certificate and why that matters for you as an event manager, even if you are busy organizing events rather than security.
As an event manager, you don't want a data breach
As an event organizer, you are responsible for a lot of sensitive information. Sensitive information that you must handle appropriately, in particular under the General Data Protection Regulation (GDPR). Unfortunately, it is not always handled with care, and major, above all underestimated, risks are lurking. Imagine your event causing a data breach! The consequences of a data breach are dramatic: financially, but the reputation of your event is also seriously affected. It is therefore very important that all data is stored properly. But how do you know whether your security meets all the required measures? After all, you are an event manager, not an IT specialist, right?
ISO 27001 as an international standard
ISO 27001 is an international standard in the field of information security. You can only obtain the certificate if you meet strict requirements regarding the protection of sensitive information. Many event organizers use event software but do not know whether their data is properly protected! An ISO 27001 certificate is how you can recognize that it is.
A company that holds an ISO 27001 certification has proven that it knows how to deal with data security. It understands the standard for information security and takes all the necessary security measures to work safely.
At Halito!, information security has been our top priority for many years. Obtaining the ISO 27001 certificate was the icing on the cake. As a result, Halito! meets all requirements regarding information security. All sensitive information that you store and process in the event software is very well protected at Halito!.
ISO 27001 and GDPR
Now I hear you thinking: “GDPR and ISO 27001, are they the same?” No! The GDPR, or in Dutch the Algemene Verordening Gegevensbescherming (AVG), was created to enable citizens to view and change their personal data. Many companies misused this sensitive information, which is why companies (and therefore also events) now have to meet strict requirements to protect the data correctly and to handle it correctly.
However, compliance with the GDPR is only a small part of ISO 27001. GDPR compliance certainly does not mean that you meet the ISO 27001 standard.
Requirements imposed by ISO 27001
Obtaining an ISO certification does not just happen; a company must meet a great many security requirements. These requirements are divided into different sections. Of course, it is very often about technical requirements, but we will spare you those in this article. If you want to know more about them, be sure to check out our security page. However, ISO 27001 does not only look at technical criteria. The ISO 27001 information security policy (what a term, isn't it) looks much broader.
Context of the organization
The way the company is organized partly determines whether it is able to meet all criteria. What profiles are there in the organization? What competencies do the employees have? Who is a backup for whom? How are training courses organized within the company? But it also concerns other stakeholders around the organization, such as suppliers, partners, freelancers, shareholders, … How are these relationships organized and how are the associated risks assessed?
It is important that the organization recognizes the importance of ISO 27001. This is addressed by the leadership criterion. Under this section, we have established an information security policy at Halito!. This policy states that Halito!'s management communicates the importance of information security to employees, recognizes its requirements, and ensures that those requirements are adhered to and that continuous improvements are made. It also spells out exactly how that happens.
Next, all possible risks that an organization faces are examined. Each risk is assessed for impact and probability. Backups are a good example: the chance that you need them is not that great, but if you don't have them, the impact is enormous. By listing and estimating all risks, you get an overview and you immediately know which risks you need to tackle first. You then make a plan for that.
Supporting processes are about making the right resources available to comply with the ISO 27001 standard. Think of the right expertise in the company and the tools to meet the requirements. In addition, the organization must meet the requirements on awareness (information security policy, consequences of non-compliance), communication (internal and external communication) and documented information (create, update and manage).
Implementation of the policy
When the supporting processes are up to standard, the organization can proceed with the implementation of the policy. This includes operational planning, information security risk assessment, and risk treatment. Operational planning means that we at Halito! have to realize the measures that have been drawn up and make a plan in order to achieve the set goals.
Performance evaluation is also part of ISO 27001. The organization must meet the requirements to be able to monitor, measure, analyze and evaluate. For this, we at Halito! have determined who will carry out these measurements and when they will be carried out. In addition, an internal audit is mandatory. An internal audit means that the organization itself checks whether all the requirements of the ISO 27001 certification are still being met over time.
The last section is about improvement. The requirements of this chapter deal with deviations, corrective actions and continuous improvement. When there is a deviation, the organization must react to it and, if necessary, take measures to control the deviation. The organization must also ensure that the deviation does not recur by removing the cause.
As an event manager, why look at ISO 27001?
As described above, it is a lot of work for an organization to meet the strict requirements of ISO 27001. Halito! ensures that it is virtually impossible for unauthorized parties to access the personal data of event participants.
The hard work pays off, however. For you as an event manager, it offers important guarantees:
- ISO 27001 is an international standard
- ISO 27001 specifies a very thorough information security management system (ISMS)
- A company with ISO 27001 is constantly working on security, even after obtaining the certificate
- A company with ISO 27001 takes security seriously.
And your own IT department?
The IT department within your own organization is also under increasing pressure and is constantly raising the bar. As a result, it is becoming increasingly difficult to purchase or use third-party software. By choosing a company with an ISO 27001 certificate, your IT department will be much more relaxed about it. Try it out! 😊
Event software with ISO 27001
While organizing your event, you come into contact with sensitive information about visitors. Think of names, addresses, e-mail addresses, job titles and so on. Sensitive information that you do not want to hand to third parties. Yet the danger of a data breach is right around the corner.
To ensure that your visitors' sensitive information is not leaked from the event software, it is important to check whether the software vendor holds an ISO 27001 certificate. This is the case with Halito!, so you can be confident that your data is stored securely.
Read the page ISO 27001 certificate for Halito! and view the authentic certificate. Yes, we did it!
But Halito! is much more than a company that is very good at information security. With our software, you manage event communication and registration from one central place. Do you want to automate your event communication and registration and be assured that your data is stored securely? Request a conversation with us!