GISGRO receives the ISO 27001 certificate for information security management
Cyber security and confidentiality of information are hot topics in every industry, not only in ports. In the context of maritime cyber security, port authorities play an important role in guiding the stakeholders in port’s area about best practices and applying them also in their own business and operations. The ports are facing an increasing number of cyber threats, the pandemic being one of the influencers in the growth of information security risks.
Working closely with ports, our own business also has many connection points on information security. Information security sure is one of the most critical aspects of our work from software development practices to sales discussions, and we keep an eye on the latest developments on the topic in maritime industry. To make our information security processes more transparent to our clients and stakeholders, we decided to apply a certification according to a globally known ISO 27001 standard for information security management. The certification was completed in the summer and the diploma now decorates our office!
From the left: Maija Vanttaja, Managing Director of Kiwa Inspecta, Timo Aarvala, CEO of GISGRO, and Keijo Virtanen, Lead Auditor at Kiwa Inspecta.
People and processes are the foundation of information security
“As we are familiar with many other ISO standards and had previously certified our quality, safety, and environmental management, also the information security management fitted quite easily in our processes. The most important steps in the certification process were to recognize and evaluate the security risks and to increase awareness among our personnel. In a software company, information security is built in many roles, but we communicate regularly on topics such as data handling procedures”, describes Pia Asikainen, Organizational Development Specialist at GISGRO.
The rules and procedures on information security management at GISGRO also affects the client processes. With our clients we share the best practices on how to manage user groups and permissions. Multi-factor authentication minimizes the risk of unauthorized access. In a bigger picture, GISGRO’s easiness of use and the ability to update information improves the integrity and availability of information in ports, which is a key principle in ISO 27001 standard.
“The ISO 27001 certification is a reward for our efforts to develop information security in our work. However, this doesn’t mean the work is now done. We will still be working with our clients to make the digital transformation in port industry as safe as possible”, concludes Timo Aarvala, CEO of GISGRO.