EN 
NL 
DE 
Earlier this year, CTOUCH achieved its ISO 27001 certification. With this, the international manufacturer of interactive large format touchscreens demonstrates compliance with the set quality standards around information security. "CTOUCH takes cybersecurity seriously and information security well embedded in its organisation," state Bernard Gosselink (CFO CTOUCH) and Ron Hoogkamp (Operations Manager CTOUCH).
Information security is more relevant than ever
CTOUCH has a particularly strong presence in northern Europe. Bernard: "We have been producing and selling interactive touch displays since 2010. We are active in the Netherlands, Belgium, Luxembourg, Germany, the UK and the Nordics. And now we are also exploring some countries in southern Europe. We have made a name for ourselves in education, but are also seeing an increase in business customers. For example, our touchscreens help make presentations more interactive." CTOUCH employs +/- 80 people from their Eindhoven office.
It was a logical step for CTOUCH to start the certification process for ISO 27001. Bernard: "Futureproof, sustainable and safety are three important pillars within our company. Cybersecurity is a relevant topic and we want to ensure information security. For ourselves, but also towards our customers."
It is a way of working
Ron Hoogkamp, as project leader, supervised CTOUCH to keep this certification process on track. Ron: "We already achieved ISO 14001 certification last year, so we knew to some extent what to expect. That's why we also decided to supervise the implementation ourselves, using the ISOPlanner package. We soon discovered that properly implementing all ISO standards was more difficult than we initially thought. Indeed, ISO 27001 requires a lot of work to properly integrate all the measures into the organisation. It goes beyond setting up a document system, it is a way-of-working and also requires organisational adjustments."
Getting straight to work on areas for improvement
After CTOUCH implemented all the measures, DigiTrust tested the company according to the applicable ISO standards. Ron: "We put everything in place to meet the set requirements. Until the first audit, we were uncertain whether we were on track to achieve ISO 27001 certification. DigiTrust's auditor was positively critical and put his finger on the sore spots. This resulted in several concrete areas for improvement. This gave us the confidence that, if we tackled this properly, we could eventually achieve it."
Bernard: "Following this, we took the necessary time to adequately address these issues. The CTOUCH team then managed to implement the necessary issues appropriately."
Looking back at the process
CTOUCH looks back on the certification process positively. Ron: "Beforehand, we did underestimate it slightly; we had a lot of work to do to get our organisation ready for ISO 27001. And then at a certain point you think you are far along with all the preparations, but it turns out you still need to take more steps to comply with all the standards. The period around the audit in particular was extremely intensive. But DigiTrust has always been very clear and identified points where we were not yet working according to the standard. Their communication about this was clear. When we addressed these points, we felt confident that we could achieve certification. Fortunately, we were able to integrate everything well into our organisation."
Compliance with the ISO 27001 standard
Bernard: "As an organisation, we now meet the safety standards around information security. We have passed the first gate, so to speak, now it is a matter of continuing to act in the right way in practice. We monitor this and adjust where necessary. For us, this ISO 27001 certification confirms that CTOUCH has taken the right security measures. Customers are increasingly asking for this certification in tenders. The fact that we comply with it is a more than welcome bonus."
CTOUCH achieved ISO 27001 certification for their entities: CTOUCH Service & Training BV, CTOUCH GmbH, CTOUCH UK Ltd and CTOUCH Denmark ApS.
