The positive spinoffs of Certification for system and data security
It’s nothing new. Businesses have always taken steps to protect their data and systems. But things have shifted once again with technological advances, digital transformation, the Cloud, etc.—especially since Europe’s introduction of the General Data Protection Regulation (GDPR). This new regulation has prompted companies around the world to take another look at their operations.
To demonstrate their compliance, companies can choose from a variety of certifications. It’s an ambitious, lengthy undertaking, but it could have a major positive impact on your business. Not only will it enhance your reputation and image, but it may push you ahead of your competitors and open new business opportunities.
Objectif Lune recently embarked on this journey and obtained ISO 27001:2013 certification. Daniel Desjardins, Corporate Strategy Manager at Objectif Lune, tells us the key steps they took and, more importantly, the positive outcomes he has noted already.
Interview: Implementing ISO 27001 certification for data security
Why was it important for Objectif Lune to be well positioned in terms of system and data security?
Objectif Lune is a global company and a large part of our client base is in Europe. With the well‑known European General Data Protection Regulation coming into force, we wanted to be sure that we were meeting the expectations of our European customers. After doing a bit a research, we turned our attention to ISO 27001 certification. It has allowed us to combine the specific requirements of the GDPR and go even further. ISO 27001 certification is a standard recognized worldwide. It attests to the fact that Objectif Lune has put processes in place to guarantee the security, confidentiality, integrity and availability of its data.
And because our reach is international, we’re not only doing this for our European customers, but we’re taking the same approach for all of our customers, no matter where they are in the world. So everyone is on an equal footing because we’re applying the GDPR—the most stringent standard around—across the board.
What are the unexpected benefits of certification?
It has allowed us to secure new contracts with large companies that would not have done business with us otherwise. We’ve succeeded in demonstrating to customers that Objectif Lune is committed to data security.
So you could say it has actually opened doors and the profits have exceeded the investment.
Finally, what advice would you give companies who would like to pursue this process to enhance their system security?
I would recommend that they pay special attention to the “human” side of things. What makes security complex has less to do with the technical side than with the people side. You need to ensure that your employees fully understand the implications of their work, their tools and the security spinoffs.
During the process, we also realized that what took time was examining our existing systems and processes. For a company like ours that has been well established for a number of years and that has acquired many systems over time, the process is longer, and certainly more costly.
On the other hand, I should point out that the exercise pleasantly surprised me. Not only was the ISO certificate worthwhile, but so was the entire exercise of reviewing our systems and processes. It helped a great deal in raising people’s awareness beyond the security level. For example, some of our departments later took the initiative on their own to adjust their methods in order to ensure greater security. So we are continually motivated to keep up our efforts and stay focused to retain our certification.
Thanks to Daniel Desjardins for sharing his experience with Objectif Lune’s ISO27001 certification process!