GISGRO receives the ISO 27001 certificate for information security management
Cyber security and confidentiality of information are hot topics in every industry, not only in ports. In maritime cyber security, port authorities play an important role in guiding the stakeholders in the port’s area about best practices and applying them in their own business and operations. The ports are facing an increasing number of cyber threats, the pandemic being one of the influencers in the growth of information security risks.
Working closely with ports, our business also has many connection points on information security. Information security sure is one of the most critical aspects of our work, from software development practices to sales discussions, and we keep an eye on the latest developments in the maritime industry. To make our information security processes more transparent to our clients and stakeholders, we decided to apply a certification according to a globally known ISO 27001 standard for information security management. The certification was completed in the summer, and the diploma now decorates our office!
From the left: Maija Vanttaja, Managing Director of Kiwa Inspecta, Timo Aarvala, CEO of GISGRO, and Keijo Virtanen, Lead Auditor at Kiwa Inspecta.
People and processes are the foundation of information security
“As we are familiar with many other ISO standards and had previously certified our quality, safety, and environmental management, also the information security management fitted quite easily in our processes. The most important steps in the certification process were to recognise and evaluate the security risks and to increase awareness among our personnel. In a software company, information security is built in many roles, but we communicate regularly on topics such as data handling procedures”, describes Pia Asikainen, Organisational Development Specialist at GISGRO.
The rules and procedures on information security management at GISGRO also affect the client processes. We share the best practices for managing user groups and permissions with our clients. Multi-factor authentication minimises the risk of unauthorised access. In a bigger picture, GISGRO’s ease of use and the ability to update information improves the integrity and availability of information in ports, a key principle in the ISO 27001 standard.
“The ISO 27001 certification is a reward for our efforts to develop information security in our work. However, this doesn’t mean the work is now done. We will still be working with our clients to make the digital transformation in port industry as safe as possible”, concludes Timo Aarvala, CEO of GISGRO.