At the turn of February and March 2023, we successfully passed another recertification audit for compliance with ISO 9001 and ISO 27001. These standards represent the basis for our Integrated Quality and Information Security Management System operating at TALEX S.A. The result of the audit was positive and, consequently, on the 3rd of April we received certificates of compliance with the aforementioned standards.
Market requirements – the quality of services and security of information
In the IT industry, nothing is constant. This statement is certainly an exaggeration, yet there is also a bit of truth in it. It is not easy to keep up with all the changes, as the recent AI boom, for example, shows. In this dynamic technological race, however, certain things should not change and should always remain at the highest level, i.e. the quality of service and the security of information. It is even more difficult to keep them at a high level when changes in the industry (and beyond) are happening so fast.
Therefore, a good idea is to take advantage of the internationally recognized ISO standards, which help to run an organization according to defined standards. This is especially true given that certificates for their compliance are only awarded for a period of three years, which perfectly matches the dynamics of change in the market. Thus, as planned, we proceeded once again with a recertification audit of the ISO 9001 and ISO 27001 standards. As a result of the audit, on the 3rd of April, we received both certificates. In this ever-changing IT world, we hereby announce to our clients that the quality and the level of security are at a consistently high level at Talex.
Quality management – what is ISO 9001?
A quality management system based on ISO 9001 requires that the processes, procedures and responsibilities of an organization are defined to achieve its goals and quality principles. ISO 9001 is based on seven quality management principles that outline how a company should operate to meet the requirements of its clients and stakeholders. These principles include: customer focus, leadership, engagement of employees, process approach, continuous improvement, evidence-based decision-making and relationship management.
Obviously, there are benefits from complying with ISO 9001 and becoming certified. In particular, these include:
- increased efficiency, productivity and quality of activities undertaken;
- early detection and identification of risks;
- compliance with statutory and regulatory requirements;
- wider, global operations in new markets
Information security – what is ISO 27001?
ISO/IEC 27001 is an international standard that specifies the requirements for an information security management system (ISMS). An ISMS is an important tool for companies that want to secure their assets, including financial information, intellectual property, the data of employees and any information provided by third parties.
Compliance with ISO/IEC 27001 requires that processes, procedures and responsibilities relating to information security policies and objectives are documented, which, with the implementation of adequate safeguards, ensures the consistency and effectiveness of the company’s information security management process.
The benefits of complying with ISO 27001 standards include:
- provision of information security;
- proper risk management;
- protection of the company’s reputation;
- creation of a security culture.
Preparations for the audit
The certification audit is the final stage of the months of intensive work. Meeting standards is, after all, an ongoing process that we carry out on a daily basis. Nonetheless, preparation for the audit itself requires making the necessary preparations. They involve, among other things:
- discussing and referring to post-audit comments and guidance, and eliminating or mitigating any potential non-compliance;
- reviews of all ISO documentation;
- performance of business continuity tests;
- executing internal audits on a regular basis;
- managing processes for recording incidents and changes;
- conducting risk and opportunity analyses with business owners;
- preparation of a risk management plan;
- execution of the Management Review.
What was the audit like?
The audit took place at the turn of February and March and lasted a full four days. It was carried out in several of our branches located throughout Poland and, certainly, in the headquarters of Talex in Poznan. Our auditor was an accredited unit of global renown, SGS, a company that also certifies Talex in terms of compliance with ISO 22237 and EN 50600 standards (Data Center design and infrastructure).
Since it was a certification audit, a verification of the proper execution of the processes covered by the certification was necessary. Therefore, the auditors interviewed all owners of the processes. During such discussions, the process owners presented documentation and other audit evidence as required.
We certified processes relating to: Data Center, business continuity, IT outsourcing, cloud computing and software development, client acquisition.
Conclusion
It is good to have reliable and stable ground in the ever-changing IT industry. Technology is constantly racing ahead and all the more we shall always take care of the most elementary factors. It proves our respect towards our clients. This is why we probably will be back in three years’ time with a similar topic – the recertification of ISO 9001 and ISO 27001 standards. We shall see where the IT industry will be then. For us, one thing will obviously remain the same – provision of high quality services and security levels.
Read also: ISO/IEC 22237 – a new, international standard for Data Center