Managing Director Christian Hauschildt explains what this means and why it is important

14 October is ‘World Standards Day’, when we pay tribute to the collaborative efforts of thousands of experts worldwide who develop the voluntary technical agreements that are published as international standards. For two years now, White Research has held the ISO 27001 certification for information security management, which was most recently renewed on 8 October 2021. Our Managing Director and Information Security Officer Christian Hauschildt explains what this certification means and why it is so important for White Research.

Christian Hauschildt, Managing Director, White Research

What is the ISO 27001 certification?

ISO 27001 is an important international standard for information security management issued by the International Standards Organisation (ISO). It certifies that a company has a secure system in place that properly manages information such as client and staff data, financial information and intellectual property.

How long has White Research had the ISO 27001 certification?
White Research has been certified for a little over 2 years now. After our original certification we underwent two more audits by the accredited certification organisation TUV. The latest audit was on 8 October 2021, which we passed with flying colours.

Why is White Research ISO 27001 certified?
We successfully applied to be ISO 27001 certified because we want our clients and partners to know that their information is safe with us. In our sector we often work with very sensitive data. If it is not managed properly, it can quite easily be lost or fall into the wrong hands. Anyone who follows the news knows this.

Is the certification difficult to get? What do you need to do?
We invested significant time and resources to reach the required minimum information security management standards. More specifically, we had to establish and implement many policies and procedures in areas such as physical security (locks, alarms, cameras etc.), hardware, software and employee training. An external auditor reviews our system at least once a year, so we have to continuously monitor and update our policies and systems.

Do companies specifically look for this certification?
Some companies and organisations require the certification while others look for it. Many companies do not. All organisations, however, care deeply about their information security. We have heard from many clients and partners who do not require the certification that they considered it a major selling point.

Would you recommend that other boutique consultancies seek this certification?
The time and investment is worth it, especially for a growing consultancy like White Research. First, it is easier to implement and maintain while you are still small. You can then let the system grow with your organization, rather than trying to get it later when your organization is much larger. Second, it will pay back because of the signal you are sending to the world. And most importantly, it will protect you and your partners from a lot of threats that can cost your organization significantly more.

Are there any other standards that White Research is planning to apply for in the near future?
In the future, we might consider the ISO 9001 standard for quality management and ISO 14001 for environmental management as these are two areas that are very important to us and that we have already dedicated a lot of time and resources to.