Ever since Finbiosoft was founded, we have taken information security very seriously. We have been delighted to notice that our customers also expect us to follow good security practices. However, it hasn’t been easy to demonstrate that our methods of ensuring security are trustworthy. While we have had periodic security audits for our products, our premises and processes had not been audited. Thus, you essentially had to trust that we were doing as we claimed.
Yet, it’s not only about whether you believe we adhere to best practices. Like athletes who measure their skills in competitions, we felt we needed an independent evaluation of our performance. We wanted to make sure we have a realistic view of where and how we could still improve.
We’ve finally found our benchmarking standard: ISO/IEC 27001. This standard promotes a comprehensive approach to information security, offering guidelines for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It aids organizations in improving risk management, cyber-resilience, and operational excellence. Implementing ISO/IEC 27001 confirms our adherence to best practices, and achieving its certification is a way to demonstrate our dedication and capability to manage information securely.
We wanted to align our ISMS seamlessly with our existing tools and workflows. While we already maintained high-security routines and continuous improvement, the process of implementing ISO/IEC 27001 consolidated the associated documentation into an ISMS. Now this system is operational and has undergone an audit by an independent auditor, Kiwa. In their comprehensive review, the auditors highlighted Finbiosoft’s recognition of information security as a pivotal strategic asset. They were impressed by our ISMS implementation and were assured that our actions align with our declared principles.
The way we see it, security and quality are things that are not achieved solely by creating documentation. While documents guide adherence to proper procedures, they alone are not sufficient. It’s our team that makes decisions, not documentation. That’s why we engaged all employees in crafting our ISMS. This collaborative approach ensured that the documentation accurately describes the way we work, and that everyone is committed to following the established protocols.
We also strongly advocate for automation. Just as we see that automation can significantly reduce our customers’ workload, we simplify our own work by incorporating automation wherever possible. We employ a combination of advanced tools to guarantee the security of our products and to facilitate adherence to our processes. The more we eliminate the possibility of human error, the higher the level of security we can achieve.
However, we recognize that absolute security is elusive. Therefore, we’ve bolstered our contingency plans for potential security breaches and optimized processes that empower us to swiftly contain any threats. For this, it’s vital that our employees are committed, accountable for their actions and willing to highlight issues, whether stemming from their actions or those of their colleagues. Their proactive approach, combined with our enhanced security measures, strengthens our overall defense against potential threats. That’s why we promote a blame-free company culture where setbacks are viewed as learning opportunities and innovative suggestions are warmly received.