In this interview, Sonia Travaglini, Managing Director of Promosfera, explains the reason for choosing ISO/IEC 27001 certification and the benefits for clients.
Why did you choose to be ISO/IEC 27001 certified?
Promosfera has always had, among its objectives, offering clients the utmost professionalism and reliability. The choice of ISO/IEC certification ties in with this purpose. This certification allows clients to immediately identify us as a reliable company, able to guarantee all the necessary information security, and indicates that we are always ready to grow and innovate. In short, to give more.
Being able to exhibit ISO/IEC certification demonstrates that we have passed a third-party audit carried out by a certification body: we not only want to demonstrate transparently to our clients that we have valid processes but also that these have been supervised and certified, and that we can also therefore offer an international guarantee provided by a reliable, competent and independent certification body.
Have you had to make many changes to your organisation to obtain certification?
In reality, our organisation already had a cogent structure and we had a series of verification processes and steps designed to guarantee a secure and reliable service. But we raised the bar and put in place an ISMS (Information Security Management System) that involves processes, documents, technologies and people.
What is changing for your clients?
Having ISO/IEC certification guarantees our clients that we can offer them a high level of information security and takes away any need to audit the same. This yields considerable savings in work and bureaucracy. In addition, ISO/IEC certification gives them the certainty that we have systems to protect their data and to respond to potential threats with structured risk management that guarantees, across the board, the necessary security in the management of information, limiting risks and potential damage. Last but not least, with ISO/IEC 27001 we consolidate our position internationally.
Have the security and risk management objectives therefore been achieved?
Certainly, but ISO/IEC 27001 certification is much more than that because it guarantees clients that the company will continuously improve its information security systems through the annual audit. In fact, every year a certified company must participate in an external review process and demonstrate that it is maintaining certified security standards and process compliance.
Are you happy to have taken this path?
Yes, of course. It has been a challenging journey and a significant investment in economic terms, but we are convinced that we have made the right choice. We are a benchmark for our clients in Italy and around the world and we want to offer them the best. We aim for constant growth, both professional and corporate, and now we are ready to meet the challenges that the future holds.