It's imperative that an effective information security management system becomes ingrained in every corporate culture to ensure the confidentiality, integrity, and availability of information. 

Information security has always been a top priority for Janitza. A new level of security has now been achieved, visible by the ISO 27001 certification. ISO 27001 is a globally recognized seal of quality and guarantees a high standard of the processes applied by Janitza. 

Thomas Schöbel, Head of Integrated Management Systems at Janitza, answers the most important questions about ISO 27001 and explains why the certification is a milestone for the company. 

"The topic of information security has always been part of Janitza's corporate and product strategy. Certification is the objective and documented proof that the company is committed to ensuring the confidentiality, integrity and availability of information." 

Thomas Schöbel, Head of Integrated Management Systems at Janitza 

 

Let's start at the beginning: What exactly is ISO 27001?  

ISO 27001 or ISO/IEC 27001:2017 is an internationally recognized standard for information security It outlines the criteria for establishing, implementing, operating, and continually improving a documented Information Security Management System (ISMS). Essentially, an ISMS comprises procedures, processes, and guidelines designed to ensure that all company information and data are handled with utmost security. This refers to all types of data - not limited to digital - and applies to network and computer security across all areas of the company.  

In addition, ISO 27001 specifies the requirements for assessing and managing information security risks tailored to the individual needs of the company. At its core is the systematically structured approach to protecting the integrity of operational data and its confidentiality while ensuring the availability of IT systems crucial to the company’s operations. 

 

What are the benefits of ISO 27001 certification? 

ISO 27001 certification underscores Janitza’s dedication to maintaining the confidentiality, integrity, and availability of information through the implementation of robust information security management systems.   

This certification not only reduces liabilities and business risks but also assures customers and partners of Janitza's proactive stance towards data protection. By fostering continuous improvement in company processes, it promotes standardized operations, enhancing efficiency and optimization. Moreover, the certification enables Janitza to identify, assess, and mitigate potential security threats, laying a solid groundwork for compliance with diverse data protection regulations worldwide. 

 

How did the certification process go?  

The successful implementation of ISO 27001 demands thorough preparation and the dedicated engagement of all employees across the company. Initially, a focused plan was meticulously developed and endorsed in collaboration with the management team. Subsequently, it was imperative to engage every member of the organization in understanding the requirements and regulations and to ensure their familiarity with the processes. Achieving robust information security within the company hinges on the conscientious handling of data by every department and individual. 

In preparation for certification, we conducted a thorough evaluation of our company's processes and established an information security management system. As our ISO 27001 implementation project progressed, we conducted internal audits to assess our progress and enlisted the support of an external service provider to enhance our efforts. During stage 1 of the certification audit, our internal audit measures, management review, and process evaluations were scrutinized, providing the lead auditor with an initial on-site overview. After successfully completing stage 1 and confirming our readiness for certification, stage 2 involved a comprehensive audit to review our conformity with ISO 27001 requirements. This included interviews with employees and management, as well as a thorough examination of documents and on-site conditions. 

Following the completion of the audit report and the implementation of the action plan, the ISO 27001:2017 certificate was issued in December 2023, valid for three years. Through annual repeat audits, the certifier ensures ongoing compliance with ISO 27001 and monitors developments within Janitza. This commitment mandates continuous evaluation and improvement of information security in alignment with defined processes. By adhering to these standards, Janitza minimizes risks and upholds the confidentiality, integrity, and availability of information, which are the primary objectives of ISO 27001. 

 

What happens now? 

We are dedicated to continuously enhancing our processes and are collaborating with an external service provider on another project to expand expertise within the company. In 2024, all employees will undergo further training in information security. We will assess the upgrade to ISO 27001:2022, considering all necessary changes resulting from revisions to the standard, and plan accordingly if deemed necessary. 

The ISO 27001:2017 certification is a tangible outcome of our internal information security endeavors. For our customers and partners, this signifies the assurance that Janitza remains a steadfast and trustworthy partner.