The government of security | Aton obtains ISO27001 certification

The government of security

The culture of computer security requires constant efforts to protect hardware and software.

A tangible corporate asset can be protected physically to a greater or lesser extent, while data protection represents a major challenge for the company. Information security is not a simple topic, it has a thousand implications: pitfalls are around the corner, well hidden and new malware, phishing and intrusion techniques are invented every day.

That’s why we decided to take the ISO27001 certification and after a few months, which saw us engaged in this process, we officially received the news from the body that conducted the audit.

But let’s start from the beginning:

What ISO27001 is and why we decided to join it?

ISO/IEC 27001 is an international standard containing requirements for setting up and governing an information security management system (SGSI or ISMS, Information Security Management System).

The reasons why we chose it are mainly two:

• To begin, we wanted to objectively certify the care that the company takes in managing its own data and those entrusted to us. On a daily basis, our operators assist our customers’ employees in the management and maintenance of their information; the security of this information is almost a taken-for-granted and implicit principle for us. We therefore wanted to highlight this attention externally in a way that was not self-referential and subjective, but objective and certified by a third party. We therefore decided to take the path of certification by relying on one of the most authoritative bodies: Bureau Veritas.
• The second reason, which is closely linked to one of our guiding values ‘Passion for Innovation‘, is the willingness to improve through external input. Passing our processes, regulations, policies under the magnifying glass of an auditor has allowed us to identify new points on which to focus in order to provide a qualitatively superior service in terms of security. The ISMS system we have implemented will also allow us to continue to evolve in this direction.

Information security is not a simple topic, it has a thousand facets: pitfalls are around the corner, well hidden and new malware, phishing and intrusion techniques are invented every day.

The focus must be on continuous improvement every day.

I would like to take this opportunity to thank all the members of the Security Team with whom I worked closely in the preparatory activities and with whom I collaborate constantly on this topic. I would like to thank all the atonpeople who actively and tirelessly contributed to the achievement of this goal.