Kaliber: "Our organisation is more professional, thanks to ISO 27001"

Kaliber - DigiTrust ISO 27001 award ceremony

It is becoming increasingly important to demonstrate that, as an organisation, you meet all the requirements around information security. Kaliber realised this and decided to prepare their organisation for the ISO 27001 certification process. DigiTrust recently awarded the official certificate.

Nienke van Heusden, Managing Director, and Erik Westra, Technical Director, explain how the ISO 27001 implementation made Kaliber a little more professional as an organisation. It also demonstrates to their clients that they handle information security in the right way.

 

Increased focus on information security

Digital agency Kaliber combines strategy, creativity and technology to create interaction between people and brands. Nienke: "We help brands grow and move their target audience. About five years ago, we changed our course. We changed from project organisation to account organisation. Meaning we put more effort into building long-term relationships with our clients instead of working from project to project. Our focus is now on cracking their issues and offering the best solutions."

Erik: "The world is changing and large companies have been taking their security more seriously in recent years. Handling data carefully is important. After all, data breaches are occurring with increasing frequency and more cyber attacks are being reported. Our clients, too, want this properly regulated. They therefore expect their suppliers to have their information security in order. You put yourself out of business as an agency if you do not have ISO-27001 certification."

 

Clear in communication

In preparation for assessment against the ISO 27001 standard, Kaliber was assisted by Nieuwhuis Consult. Nienke: "Their consultant actually became part of our project team to implement ISO 27001 within our organisation. He also tipped us off to DigiTrust as a certifying body. This was based on good experiences from the past. The first contact felt right away. There was a click. In doing so, DigiTrust communicated very clearly about how the assessment would work."

 

Translating standards rules into workable situations

Implementing the ISO 27001 standard within the organisation required time and attention. Erik: "We wanted the implementation to be organisation-wide and not become a technical project. We were able to create support by clearly explaining the need. Information is the gold of our time. And when you have a bag of gold in your hands, you can't quietly put it on the table and walk away. By this kind of comparison, we tried to make the sometimes complicated matter more tangible."

Nienke: "The most important thing was to translate the rules of the standard into a workable situation for Kaliber. So that everyone understood what was expected and our organisation remained agile. While we collected evidence and wrote out all the regulations in triplicate. It was difficult to make that translation."

Erik: "We had indeed underestimated that beforehand. It was quite a task to make the somewhat raw text from the standard logical for everyone and apply it within our organisation. Then we also had to draw up a translation document so that we knew how our measures corresponded to the rules in the standard."

 

Making sure everything was well documented

During the implementation, they found that they were well on their way. Nienke: "From a small project team, we included everyone in the company in the process. Through periodic checks, awareness sessions and presentations. As a result, we knew at one point that we had everything set up properly. It was then a matter of collecting and documenting the right evidence."

Erik: "The timeline outlined beforehand turned out to be unrealistic. The team was small and it required a lot of work. That we had to pick up alongside our daily work. But looking back over the whole process, we are very satisfied."

 

Clear feedback during the audit

Erik: "Just before the audit, we were nervous. It felt like we were heading for an oral exam. After all, you don't know what to expect. DigiTrust's auditor was relaxed and put us at ease. He had clear agenda points and always reported back what his findings were. He explained exactly what effect a particular result had. In doing so, he did not sit there to point his finger. Observing the rules of the norm, he guided us through the review in a pleasant manner."

 

Now it is just beginning

Nienke: "Whereas at the start we were particularly interested in getting certified, we now find that many processes are better streamlined. That helps when new people or freelancers come in. Kaliber has become more professional as an organisation."

Erik: "ISO is not an end in itself. It is a stamp you get when you work according to a certain way. In that respect, it is like childbirth. After the first audit, it only begins and you have to make sure your organisation continues to develop. It makes us proud that we are now ISO 27001 certified."
