Yet another milestone in the ACEN group journey. Together with our subsidiaries ActWise and Orlox, we successfully earned the ISO 27001:2017 certification. ACEN joins IS4U and Nynox, who already gained the ISO 27001 certification in 2022.
This certification is a nice complement to all the effort and implementations that underscore our dedication to ensuring the highest level of security for our clients, but also for our employees.
The ISO 27001 certification? Why?
ISO 27001 is a globally recognized standard for information security management. By achieving this certification, we’re demonstrating our commitment to protecting sensitive data, improving our operational efficiency and building trust as a reliable cybersecurity partner.
Additionally, ISO 27001 facilitates risk management practices and secure operations across the organization, ensuring compliance with the law and guaranteeing business continuity, by preparing us against potential threats. Last but not least, this certification opens up a broader range of opportunities. This allows us to participate in markets where this certification is a prerequisite.
What’s next? The strategic path towards 2025!
- Scope expansion: Expanding our existing scope (the certification of IS4U and Nynox) to include the additional companies ACEN, ActWise and Orlox. The certification of IS4U and Nynox had already been completed in 2022.
- Transition to ISO 27001:2022: The transition to the 2022 version was already possible but the deadline is September 2025. So we had the time to expand our scope and include the other subsidiaries in the upcoming transition.
- Recertification: The recertification process (for IS4U and Nynox), which occurs every three years, can now be combined with the transition to the new standard in 2025, which saves us time and money.
“I started this ISO journey as a one-man team in 2021, but over time, the ISO team grew. Achieving the certification in 2022 was a milestone in my career. Now, it’s about maintaining and improving our practices. This is just the end of the first cycle; it doesn’t stop here. We are ready for the second cycle.”
– Veerle Bergiers, CISO at ACEN –
The difference between ISO 27001:2017 and ISO 27001:2022
- Restructured the existing controls: The number of controls has been reduced from 114 to 93. This does not mean there are fewer controls; they are just consolidated and simplified for more structure and a clearer overview.
- 11 new controls have been added: As the landscape and security challenges keep evolving, so do the controls in the certification. New controls include cloud security and data leakage prevention, for example.
It’s a team effort! Internal communication and awareness
To achieve (and maintain) this certification, internal communication and awareness are a must! They make sure that all the responsibilities related to the certification are clearly understood across the organization.
To keep everyone within the organization aware, informed and engaged, we host mandatory online sessions to give everyone the needed information. We are also building an ACEN intranet where all relevant information will be centralized.
In addition, the information will also be distributed through our internal channels, such as the company’s TV channel in ACEN offices, our internal newsletter and Riot (an interactive tool to educate our employees).
ISO 27001 and NIS2
ISO 27001 and NIS2 are closely related as they both have improving cybersecurity as a goal. But of course there’s a difference:
- ISO 27001 provides a broader framework for managing information security across any organization: it is an international standard for information security management systems (ISMS) and can be applied to any organization worldwide.
- The NIS2 Directive sets mandatory cybersecurity requirements for specific sectors within the EU, focusing on risk management and incident reporting.
ISO certifications can be seen as a good foundation for meeting the NIS2 requirements. If your organization is ISO 27001 certified, you’ll notice that many of the NIS2 requirements are already met, making compliance with NIS2 more straightforward.
Ready to take a closer look at the NIS2 directive? Head over to our NIS2 page.
More information about ISO 27001 certification or the road to NIS2?
Book a meeting with one of our experts!