arrow up
All news

July 22, 2021

Teal Partners achieves ISO27001-certification

Teal Partners has been ISO certified since May. The ISO27001 certificate recognizes Teal Partners' quality in information security. "This external validation shows that data security is at the forefront of everything we do," says Jelle Huygen. "It guarantees that we structurally approach Information & Security Management."

From the start, Teal Partners has attached great importance to privacy and security. The certificate applies to security in internal operations as well as in external projects. Jelle Huygen explains why obtaining the certificate is a logical next step for the company.

Why did Teal Partners choose to commit to ISO recognition?

Jelle Huygen: "Privacy and security are high on the agenda for all our clients. The attention for this theme is still gaining in importance. With this certificate, we are responding to this evolution. In every collaboration and every project, privacy and security are the most important 'non-functional requirements', as we say in jargon. Sensible handling of personal and sensitive data is a conditio sine qua non in our profession.

The government is imposing increasingly stringent security requirements. The GDPR legislation has been in place for some time. We already paid a lot of attention to data protection and security in practice. The growth of Teal Partners and the ever-increasing awareness for the subject prompted us to work on a thorough Information Security Management System, or ISMS for short. This meant formalizing our existing processes around security and privacy and working on the organization's overall maturity around this topic."

What exactly does "setting up the Information Security Management System" entail?

Jelle Huygen: "We translated our existing informal processes into a more formal and structured form. For everything concerning software and application development, there was already a solid basis to start from; our internal processes already followed largely informal agreements and procedures. This basis was worked out in more detail. We mainly started documenting in a structured way.

The result is established standards, policies, best practices, guidelines and procedures. No fewer than 61 in all. These now form the guiding principles for how we work, both internally and externally.

The installation of the ISMS does not have to lead to bureaucracy; on the contrary. Flexibility and efficiency are of the utmost importance to us. Working according to fixed and secure protocols only provides a formal guarantee of what we were already doing informally."

How did you go about getting recognized?

Jelle Huygen: "Given the complexity and importance of this process, we asked the specialists at Toreon to guide us. We had met them before during projects where they supported the customer and us with PEN testing, threat modeling and security audits."

After a thorough analysis of our existing landscape, a roadmap was drawn up to achieve ISO27001 certification. The certificate was not a goal in itself, but along the way, we decided to go ahead anyway. To do so, we contacted Brand Compliance. They took care of the external audit.

The entire process took fifteen months. Six colleagues were actively involved, each for about half a day a week. Today, of course, the whole organization is involved."

Does that finish the job?

Jelle Huygen: "An ISO standard is a process of continuous improvement. The solid foundation is there, and it is now our ambition to build on that foundation."

Every year, there is an internal and an external audit. The annual external audit concerns a partial aspect of the ISMS, with a full external audit taking place every three years.

To maintain our ISMS and keep it at the level of the ISO standard, we have set up a 'Privacy & Security team. These colleagues will safeguard and build on all aspects of the system. They will take responsibility within our organization and take care of the practical aspects of user, asset and rights management.

The intention is to continue to grow the awareness of the matter within Teal Partners. We will put privacy and security on the agenda during each quarterly meeting. We are providing training and will regularly invite an external speaker to inspire us."

Partnership with Toreon

The Antwerp-based company Toreon assisted Teal Partners in obtaining ISO certification. Toreon assists organizations in getting cyber risks under control and improving security. This ranges from strategic advice and coaching to concrete and operational tasks.

"It was a pleasant collaboration and a fine process that culminated in the intended goal," says ISO27001 specialist Youri Biesmans of Toreon. "Teal Partners achieved the best result we have ever recorded on an audit."

Jelle Huygen of Teal Partners: "We appreciate the professionalism and high-quality standards of Toreon's consultants. The company has true specialists working for them, who have the talent to combine their skills with pragmatism."