- Posted by: Débora Menezes
- Category: Newsroom
According to the 2018 ISO Survey, only 110 Brazilian companies reached this level; the work to adapt to the standard facilitated the company’s migration to home-office work.
Kryptus, a Brazilian-Swiss company specialized in cryptography and information security, has just received the ISO/IEC 27001:2013 certification, which covers 100% of the processes carried out at the company’s headquarters in Campinas, São Paulo. Although ISO 27001 is an international reference for ISMS (information security management systems), only 110 companies in Brazil were able to comply with this standard, according to data from the latest ISO Survey, from 2018.
This certification is in addition to other security accreditations that the company has already obtained, in particular from the Armed Forces. The achievement is the result of extensive adaptation work carried out on Kryptus’s own initiative, under IT Management, led by Igor Jardim, manager and lead auditor for the standard and responsible for the ISMS sector. The project mobilized all areas of the company, culminating in the harmonization of processes and business needs, fundamental actions for companies such as Kryptus that operate in the market for the protection of critical communications and sensitive data.
According to Jardim, most companies seek certification under the ISO 27001 standard to meet the needs of a specific project, such as a tender that requires the standard, but he notes that this kind of opportunistic implementation can affect the quality and safety of the project delivery. “That is why we started a gradual adaptation work that involved the entire organization and had a complete restructuring not only of IT, but of all internal processes combined with several internal audits to achieve excellence in certification, without impacting our operations”.
Driven by this context, the company’s migration process to remote work flowed easily. “Our employees already have a very comprehensive view of security; they know that it is not enough to implement a complex password and that simply working within a company system does not necessarily mean being secure”, he explains. “Everyone knows the importance of implementing security controls”, he concludes.
Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO/IEC 27001:2013 standard is used worldwide by organizations to adopt an appropriate model for defining, implementing, operating, monitoring, reviewing and managing an information security management system. Due to its 360° approach, this model covers multiple aspects of the information contained in the organization.