The ISO/IEC 27001:2013 certification remains one of the most trusted and widely recognised standards for Information Security Management across regions and industry sectors. We therefore embarked on our certification journey in late 2017 and obtained certification in early 2018. As of March 2019, we have also successfully passed our first supervisory audit without any findings.
Naturally, we used our own internal instance of Alyne for building our Information Security Management System (ISMS). As people at Microsoft used to say: "Eat your own dogfood." In this White Paper, Karl Viertel shares some of the lessons learned along the way and provides a detailed guide for any organisation looking to obtain an ISO/IEC 27001:2013 certification, including how to implement it using Alyne's Software as a Service. Karl summarises the main steps to achieving the certification, explains how to implement the necessary actions within Alyne and shares the lessons learned for each step.