ACEN group achieves ISO 27001:2017 certification

Yet another milestone in the ACEN group journey: together with our subsidiaries ActWise and Orlox, we successfully earned the ISO 27001:2017 certification. ACEN joins IS4U and Nynox, who already gained the ISO 27001 certification in 2022.

This certification complements all the effort and implementations that underscore our dedication to ensuring the highest level of security for our clients and for our employees.

The ISO 27001 certification? Why?

ISO 27001 is a globally recognized standard for information security management. By achieving this certification, we’re demonstrating our commitment to protecting sensitive data, improving our operational efficiency and building trust as a reliable cybersecurity partner.

Additionally, ISO 27001 facilitates risk management practices and secure operations across the organization, ensuring compliance with the law and guaranteeing business continuity, by preparing us against potential threats. Last but not least, this certification opens up a broader range of opportunities. This allows us to participate in markets where this certification is a prerequisite.

What’s next? The strategic path towards 2025!

Why did we not immediately transition to ISO 27001:2022? The decision to pursue ISO 27001:2017 certification at this moment, rather than immediately transitioning to the ISO 27001:2022 standard, was a strategic one. We defined 3 strategic moments: 
  • Scope expansion: Expanding our existing scope (the certification of IS4U and Nynox) to include the additional companies ACEN, ActWise and Orlox. The certification of IS4U and Nynox had already been completed in 2022.
  • Transition to ISO 27001:2022: The transition to the 2022 version was already possible but the deadline is September 2025. So we had the time to expand our scope and include the other subsidiaries in the upcoming transition.
  • Recertification: The recertification process (for IS4U and Nynox), which occurs every three years, can now be combined with the transition to the new standard in 2025, which saves us time and money.
This timeline also reflects ACEN’s unified approach across all our subsidiaries, making sure that information security measures are consistent across the whole ACEN group.

“I started this ISO journey as a one-man team in 2021, but over time, the ISO team grew. Achieving the certification in 2022 was a milestone in my career. Now, it’s about maintaining and improving our practices. This is just the end of the first cycle; it doesn’t stop here. We are ready for the second cycle.”

 

– Veerle Bergiers, CISO at ACEN –

The difference between ISO 27001:2017 and ISO 27001:2022

The ISO 27001:2022 standard introduces a few important updates compared to the 2017 version. This is necessary because the digital landscape and the cybersecurity scene evolve at such a rapid pace. But what changed?
  • Restructured the existing controls: The number of controls has been reduced from 114 to 93. This does not mean there are fewer controls; they are just consolidated and simplified for more structure and a clearer overview.
  • 11 new controls have been added: As the landscape and security challenges keep evolving, so do the controls in the certification. New controls include cloud security and data leakage prevention, for example.
While the core requirements of the 2017 version mostly stay the same, the 2022 update ensures that organizations are better equipped to handle current information security risks and challenges.

It’s a team effort! Internal communication and awareness

To achieve (and maintain) this certification, internal communication and awareness are a must! They make sure that all the responsibilities related to the certification are clearly understood across the organization.

To keep everyone within the organization aware, informed and engaged, we host mandatory online sessions to give everyone the needed information. We are also building an ACEN intranet where all relevant information will be centralized.

In addition, the information will also be distributed through our internal channels, such as the company’s TV channel in ACEN offices, our internal newsletter and Riot (an interactive tool to educate our employees).

ISO 27001 and NIS2

ISO 27001 and NIS2 are closely related, as both aim to improve cybersecurity. But of course there’s a difference:

  • ISO 27001 provides a broader framework for managing information security: it is an international standard for information security management systems (ISMS) and can be applied to any organization worldwide.
  • The NIS2 Directive sets mandatory cybersecurity requirements for specific sectors within the EU, focusing on risk management and incident reporting.

ISO certifications can be seen as a good foundation for meeting the NIS2 requirements. If your organization is ISO 27001 certified, you’ll notice that many of the NIS2 requirements are already met, making compliance with NIS2 more straightforward. 

Ready to take a closer look at the NIS2 directive? Head over to our NIS2 page.

More information about ISO 27001 certification or the road to NIS2?

Book a meeting with one of our experts!
