ISO 27001 is a globally recognized standard in the field of information security. With ISO 27001 certification, Halito! proves that we meet all requirements regarding information security. The certificate proves that Halito! handles all data properly. We comply with more than 100 so-called controls that have been checked by an external auditor.
Information security with ISO 27001
Customers know that at Halito! we take security very seriously. Our bar is set high and they appreciate that.
ISO 27001 is the international standard
When it comes to information security, ISO 27001 is the international standard. The standard specifies requirements for establishing, implementing, executing, monitoring, assessing, maintaining and improving a documented Information Security Management System (ISMS) in the context of the overall business risks to the organization.
ISO 27001 is required for Halito!
Information and knowledge are among the most important assets for Halito!. That is why it is necessary to protect that data properly. Because the ISO 27001 standard is internationally regarded as the quality certificate to demonstrate that a company takes adequate security measures to protect data, we have opted for this label at Halito!.
The target for Halito!
At Halito!, we want to achieve 3 goals: to protect the confidentiality, availability and integrity of all data within our organization.
- Confidentiality: only authorized persons can access the information.
- Integrity: the information is correct and complete.
- Availability: the information is accessible to the user at the right times and in a timely manner.
From passwords to fire protection to HR policy. ISO 27001 is all-encompassing and includes:
- Regulations (protection of personal data)
- Organization (roles and responsibilities of employees)
- Assets (IT infrastructure, networks and systems)
- Personnel (policy, human error, theft, fraud and other abuse)
- Physical security (access to buildings or IT infrastructure)
- Communication and operation (management of systems, processes and procedures)
- Development and maintenance of systems and software (documentation and processes)
- Business continuity (policies and procedures)
Objective and independent
An ISO 27001 certificate is the objective and independent proof with which you as an organization demonstrate that you work on information security seriously and structurally. This was preceded by a very extensive audit by an independent body. Halito! chose DQS.
The certificate is not an endpoint
Achieving ISO 27001 is not an endpoint. Continuous improvement of information security is expected and as standards are adjusted, Halito! should follow. We have therefore defined different roles within our team to ensure that a certificate is not a one-off effort, but a continuous process.
It's about excellence, not perfection
There is unfortunately no such thing as perfection in information security. There will always be risks and ISO 27001 is no different. The ISO 27001 certificate is therefore not about perfection, but about excellence. And we at Halito! are very proud of that.
A conscious trajectory
Security has been an essential value in our company from the very beginning. With this certificate we want to give you as a customer certainty about the security of the confidential information. We can guarantee that we work according to certain processes and that sufficient controls are built in to guarantee quality. At Halito! we take security seriously.
The home stretch
- The entire process has been mapped out, all measures have been taken and the organization has been adjusted accordingly. Check!
- We have had a successful internal audit. Check!
- We have also completed a successful first phase of the external audit. Check!
Part 2 of this audit is planned for the end of August. We’ll be shouting it from the rooftops once we’ve successfully completed this phase too! 🙂
With the ISO 27001 certificate, Halito! proves that we set the bar high when it comes to information security. Our entire organization is aware of its importance and acts accordingly.
- Professional and structured approach to data protection
- Objective and independent evidence
- Business continuity guarantees
- Continuous improvement of information security