+
  Policy’s role in authorization, XACML today, & OpenID’s new policy charter Listen to the podcast  

The one about ISO certifications | Dynamically Speaking

Recently, Axiomatics announced we’d achieved ISO 9001 and ISO 27001 certifications.

But…what does that really mean?

In this episode of Dynamically Speaking, Axiomatics COO Alexander Nyblaeus shares his thoughts on the certification process, why it’s important, and what it means for customers and partners.

Kelly: Hi, everyone, and thank you for joining us on this the latest episode of Dynamically Speaking! Very excited today to have with us as our guest, Alexander Nyblaeus, who is the Chief Operating Officer of Axiom attics. Welcome, Alexander, thank you so much for joining us.

Alexander: Thank you very much, Kelly. I’m happy to be here.

Kelly: Wonderful. So, today we’re going to talk a little bit about certifications.

Most recently, Alexander led the team internally at Axiomatics to achieve a couple of really great certifications. I wanted to learn a little bit more about that. To that end, Alexander, at a high level, can you tell us a little bit about these certifications and why they’re important?

Alexander: Right, so we’ll start with the actual naming, which is ISO certification in two standards.

It’s ISO 9001, which addresses a quality framework Quality System Management System framework.

And then it’s the 27,001, which is the information security framework.

So, these are international standards, they are overlapping to a large extent with SOC two that you’re using in North America to a large extent. They have great similarities, but we’ve chosen to go with the with the ISO standard.

Kelly: Okay, thank you. So, to that end, why are these standards important for Axiomatics? So, what was it that you thought yes, we need to embark on this process, it’s critically important.

Alexander: Well, there are actually a few one is definitely an increased common requirements from stakeholders from potential clients from existing clients to gain such certification.

We also see that during negotiations and requirement for proposals and questionnaires we are answering pretty much the same question.

So, we already had a big database of information that was not formalized in a proper way and also it ensures for the company to prepare for scalability to have old process verified and audited.  So it was both an internal wanting from from the management and the board as well, to gain such certification for the for the company’s best, but also obviously for for axiomatic stakeholders and clients.

Kelly: Okay, and what was the process like to get certified? How intense was that for you and for the team?

Alexander: Well, I have personally been involved in a few other ISO certifications previously and in my working life.

I know it is. It can be seen as a big project, it is a big project and can be a bit overwhelming to start with.

But first of all, we we engaged when with an external consultant, okay, that that helped us to set up and prepare the work.

And I also during that time, learned that I think that the framework itself has progressed to be more pragmatic and business adopted. So we started with informing the company having the total commitment from as I said, from management and board to embark on this project.

And then informing the employees and engaging them the reasons why we’re doing this as we just talked about, and then starting somewhat small, with a skeleton that all addresses the standards requirements, and build from that, and that means that map and document all the core processes in the company, interview all process owners and stakeholders and then create the the company management manual, which is the core document for the for the certification that handles how the business is built, how it’s executed and how it’s controlled.

So, it was an intensive process, but it engaged all the stakeholders in the company. So once that has been set up We refined and did our own internal audits against the requirements.

And then when we felt that we were ready for external audits, we engaged with a certification body and here in Sweden, who came two instances, one in May of one in July to 2021. To do a full audit on both 9001 and 27,001 requirements, there were some deviations there always are.

And we did mitigations. against that. We achieved the standard in September for both 9001 and 27,001.

Kelly: Great, great. And, you know, I know this was certainly as you said, it wasn’t it can be overwhelming at times. And it was at some point, a very intensive process.

So, now that you’re you’re through that there’s been some time for for the dust to settle in the market is generally aware that Axiomatics has achieved these ISO milestones. What is the reaction been like from not only employees, but also from customers and partners?

Alexander: Well, if I started internally, I think it was a great experience.

With positive feedback from the employees, everybody felt engaged, because the the framework touches the whole organization to each and every individual.

So, it brought clarity to the employees of all the processes, it brought clarity, to visibility of Axiom ethics, and how it’s run as a company, and clear roles and rights and obligations to everybody.

It definitely increase the employment engagement, which has been obviously very positive for the company as well.

And for many stakeholders, both partners and clients and existing customers of Axiomatics, it has been very well received, because it is a quality statement, that we take care of their information and our information, and that we produce the product the best way with the highest quality.

Kelly: Great, great. And then, what’s this is the what’s next question? How does achieving these great milestones position axiomatic for success in the future?

Alexander: I think it’s nuance, a very good foundation for the company, this processes and ever ongoing process.

So, we are going to be re audited already next summer. And there are continuous improvement programs that goes into the, to the framework. So it enables a systematic platform for continuous improvement for us as a company.

And it prepares extra metrics for long term success in a very changing rapidly changing business environment, both when it comes to how we work with a pandemic in, in recent view, how we are working from home, we’re working from different satellite offices, and that requires different processes and controls when it comes to technology, and how we audit ourselves.

So, I think that it also prepares extreme ethics to grow.

That’s for now almost 50 employees, it is vitally important to have all processes in place so that the framework can run the company instead of the individuals so that we have total control of company assets and information and keep it that way.

Kelly: That’s great, very informative. Well, thank you very much, Alexander. This has been enlightening. I learned quite a bit about ISO certifications. And I think hopefully our viewers will as well.

Thank you very much for your time. This has been great. We look forward to hopefully welcoming you again to give us an update!

Alexander: Thank you very much. I would I would just stop to say with the final remark that it is a very valuable process to do it is can be cumbersome, but it’s well worth it.

 

Subscribe to our YouTube channel for more episodes, insights, solution demos, webinars, and more!

Archived under:
  Join us on LinkedIn for more insights
About the author

The world’s largest enterprises and government agencies continually depend on Axiomatics’ award-winning authorization platform to share sensitive, valuable and regulated digital assets – but only to authorized users and in the right context.