Finnish software house Avain Technologies Oy updated its BS 7799-2 information security certificate to comply with the ISO/IEC 27001 standard.
ISO/IEC 27001 is one of the most demanding information security certificates awarded internationally. It sets strict requirements regarding the planning, implementation and internal monitoring of information security processes for applicants. Applicants for the certificate are audited once a year by an independent certification authority that fulfils international competence requirements. The audits examine the organisation’s ability to meet the standard’s information security requirements through staff interviews and spot checks.
Although the BS 7799-2 certificate obtained previously by Avain Technologies gave the company a good basis for achieving the stricter ISO standard, Product Development Director Petteri Sulonen, head of information security, admitted that the new standard meant that even a company with such solid information security levels as Avain Technologies had to redefine some of its processes.
In contrast to BS 7799-2, applicants for the ISO certificate must also measure their own information security level and assess how far information security awareness has permeated the organisation, in whatever way they deem best. After the audit conducted at the beginning of 2007, Avain Technologies was praised especially for the follow-up model created by the head of information security, as well as for the exceptionally successful integration of information security into the organisation’s processes through training, practical implementations and monitoring alike.
Thanks to this high level of commitment, Avain Technologies Oy received ISO/IEC 27001 certification with no exceptions, and its internal audit system was even highlighted as a kind of reference model for others.
In addition to its staff, Avain Technologies wishes to congratulate its customers, for whom the ISO/IEC 27001 standard is a guarantee of the high information security level of their customer accounts and projects with the company. At the same time, it is an indication of how up to date the company’s organisation and support functions are.