Security first: H.Essers awarded ISO27001 certification

Anyone who is a customer of ours or follows our activities to some extent knows this to be true: H.Essers sets the bar high. We are constantly striving to improve our services and operations, to make an even bigger difference for our employees and customers. Being granted the ISO27001 certificate for our IT environment is another fine reward for all our efforts, in particular in the area of data security and handling. Indeed a fine example of different teams joining forces to achieve one goal.

Ellen De Schepper, Senior Manager PMO, and Ivar Indekeu, Senior Manager IT Operations, are now able to breathe a sigh of relief. After launching the ISMS project a year ago and undergoing an external audit in May, the ISO27001 label – which will be physically presented at the end of June – for the IT environment in our company has become a reality. Quite a feat in our sector, we must admit. Ellen De Schepper: ‘Data security is more important than ever to ensure the continuity of a company. H.Essers has in fact been working on this for a long time, and we had already advanced quite significantly in taking the necessary measures. Nevertheless, we wanted to see this materialised in an official certificate, just like we do for our warehouses in the Healthcare and Chemicals segment. These certificates are a clear quality guarantee for our customers. Over the past year, we have gone through a long process of preparing our company and our people. Data security is in fact more than just implementing the right technology: it requires putting thorough procedures in place as well as the cooperation of our staff in maintaining those procedures.’

Ivar Indekeu: ‘To ensure maximum information security, we set up an ISMS or Information Security Management System that we integrated into our IT organisation. An ISMS is not a software system, but a collection of procedures and processes that allows us to manage and continuously improve data security. The ISMS is not only there to help us achieve ISO certification, but also makes it easier to update our policies annually, raise employee awareness in relation to data security through appropriate training, and prevent or deal with critical incidents through an adequate plan. All in line, of course, with GDPR legislation.’

More than password security

The ISO27001 standard itself covers more than you might think. Ivar: ‘It ranges from password protection to fire protection. From the protection of personal, company and customer data to the proper IT infrastructure to the physical security of our buildings and how our people handle all that data. But it is also about how you can continue to guarantee your operations in the event of a data centre failure. What you need to do to achieve this ISO standard is described in no less than 18 chapters.’ Ivar and Ellen formed a close tandem last year to make it happen. Ellen: ‘We joined forces with Legal & GDPR, HR, Quality and Physical Security to prepare everything.’ An internal audit in March already showed that we were on track to obtain the certificate. This was also confirmed during the external audit that followed in May, which led to the official award of the certificate. Ivar: ‘A very good example of how we can join forces with other departments and put our shoulders to a common goal.’