In order to protect our employees, customers, partners, and company, we need to have a good view of the information security risks in our organization.
Therefore we need to have and maintain an information security management system, with clearly defined and documented policies, processes, procedures, and organizational structures.
To implement that system, we use ISO 27001:2013, an international standard designed for companies like ours, to use as a reference and guideline. Effective security is a team effort, and a successful ISMS requires participation and support from all employees and partners. Only then can we assure our colleagues, customers, and partners that their information is safe with us.