How We Built a Value-Adding Information Security Management System at BCS Itera
Source: Äri-IT Spring 2025
Author: Janar Randväli, Head of Cybersecurity, BCS Itera
Why Every ERP Partner Needs an Information Security Standard
Why Dealing with Information Security Was Unavoidable at BCS Itera
The days when cybersecurity was solely the IT department’s concern are long gone. Today’s cyber landscape is fraught with both visible and hidden threats, making information security a daily priority for every company.
Information security requires a holistic approach, based on three core principles:
- Information security must support the company’s core business.
- Security must be an integral part of every activity.
- All company employees must be involved in ensuring information security, with everyone understanding their role and responsibilities.
Our clients also think about security systematically, mapping potential risks for both services and products. They often ask directly: "How do you protect our information, processes, and clients?" This question can't be answered vaguely; it requires concrete, well-thought-out solutions. Ensuring comprehensive and systematic cybersecurity therefore became increasingly important for us, and led us to look towards an internationally recognized standard.
How We Reached the ISO 27001 Standard
The decision to adopt the ISO/IEC 27001 standard (in its current 2022 edition) stemmed from several reasons:
- International Reliability. We aim to offer products and services not only in the Estonian market but also in neighboring countries, including the Baltics and Scandinavia. ISO 27001 is an internationally recognized information security standard that instills confidence in both local and international partners.
- Compatibility with Existing Processes. We already held an ISO 9001 certificate, which defined our quality management framework. However, specific regulation of information security required a more in-depth approach. ISO 27001 allowed us to create a unified information security management system that also aligns with the Estonian Cybersecurity Act and the E-ITS information security standard.
- Structured Approach to Risk Management. The standard helped us establish a clear and systematic methodology for risk analysis, standardizing procedures, and employee training. It’s not just a formal document but a daily tool that supports strategic decisions and operational information security management.
What Were the Biggest Challenges in Certification?
As a large and mature organization by Estonian standards, we had well-established processes and a strong work culture. This was both an advantage and a challenge.
- Complexity of Risk Analysis. Previous security measures that seemed sufficient often required refinement or even complete overhaul. Thorough risk analysis helped us identify weaknesses and prioritize which measures to implement immediately and which to introduce gradually. Once the risk analysis was complete, a very concrete information security action plan emerged, including necessary technical developments and employee training.
- Adapting Procedures. Since we already had an ISO 9001 quality management system, we had to adapt existing processes (such as handling deviations, internal controls, and process documentation) to the specifics of information security. Information security management, in addition to quality control, involves risk management, incident detection, and crisis management, which required extensive reorganization and inter-departmental cooperation.
What Does ISO 27001 Certification Give an ERP Partner?
Holding ISO 27001 certification provides benefits on several levels, both for us and for our clients.
- Proof of Reliability. The certificate confirms that our information security processes meet internationally agreed-upon requirements. This builds confidence for both existing and new clients and strengthens our position in international markets where partners often expect certified security.
- Comprehensive Security Measures Framework. The standard provides us with a robust system for risk management, process documentation, and continuous improvement. We don’t have to invent information security measures from scratch; we rely on internationally recognized best practices.
- Better Structured Internal Processes. The certificate disciplines us to consistently address issues of data protection, access rights, and workplace security. It raises awareness within the organization that security is not just the IT department’s responsibility but a common goal for the entire company.
- Competitive Advantage in the Market. Clients are paying increasing attention to information security. Many tenders and partnerships require certified information security, and ISO 27001 gives us a clear advantage over competitors who lack it.
- Systematic Prevention and Preparedness. Regular internal audits and monitoring processes help us identify information security bottlenecks before they become problems. This lets us reduce the likelihood and impact of attacks and protect our clients from threats they may not see themselves.
Conclusion – Why ISO 27001 Is More Than Just a "Paper on the Wall"
For us, the ISO 27001 standard is more than a formality; it’s proof of methodical and well-considered cybersecurity management. It assures our clients that their data and processes are protected according to internationally recognized best practices.
Even more importantly, it helps us evolve with the changing cyber landscape and client needs, providing consistent value both today and in the future.
As cybersecurity experts at BCS Itera, we can also help your company elevate its information security to a new level. Cybersecurity isn't a one-time project; it's a strategic investment in your company's sustainability.