Behind the Scenes: Our Journey to Achieving ISO Certification
The Team @ Giant Swarm
• Jul 13, 2020
Recently, Giant Swarm received the ISO 27001 certification from the International Organization for Standardization. 🎉 To get it out of the way, here's what that really means:
ISO 27001 is the most respected standard for information security management systems. By adhering to this set of standards, organizations like ours commit to the highest specification when managing the security of assets ranging from financial information to intellectual property, and employee details.
The relatively smooth and swift (21 months!) process resulting in the achievement of this certification is proof of our commitment to serving our customers to the best of our ability. It also shows we can get something done against all odds. We originally set out to earn this certification because every potential customer we were talking to had it as one checkbox to complete, even though we soon learned it wouldn’t reduce the security screening we had to go through with said lead. At the same time, we wanted to ensure we adhered to the highest standard of security management — for ourselves and for our customers. During the audit process, we were able to demonstrate that our agile but systematic and documented approach works with the more standardized and documentation-driven ISO 27001, which now serves as evidence to potential and existing customers that we’re dedicated to avoiding and mitigating security risks.
We’re proud of our success in this process, however, in the words of Giant Swarm’s Operations Manager Thea Hüttenberger, “Over the coming months we will have to embed it deeper into our existing processes to make sure that we really live it.” And therein lies the challenge — or the opportunity.
As a remote-first company with a team distributed across the world, we’re well-versed in the importance of relevant and well-organized documentation, and our growing size has made some processes more important. At the same time, we know things change quickly, and we constantly need to make sure that both documentation and processes make us better. This process forced us to think not only of the end goal — transparency, sharing knowledge, teamwork — but also of the method by which we achieve that goal. We had to balance the ‘why’ with the ‘how’.
We were inspired by the Socialization, Externalization, Combination, Internalization (SECI) model when it came to how we tackled the ‘why’ (more on this in an upcoming blog post). When we investigated the ‘how’, we realized that our team’s distributed location meant that we had to ensure office-grade security in a remote home-office setting. Along with this, we had to find a way to use the tools we’re most familiar with in a way that supports and upholds our commitment to security. Using GitHub as the repository for the necessary documentation and leveraging our cross-functional work ethic, the achievement of the certification is a credit to everyone in the organization who, in some form or function, had to contribute.
“In all of our efforts for our customers, we aim to achieve top-grade, industry-leading security. The achievement of this accreditation is a testament to the consistent teamwork to ensure that security is a top-of-mind priority at all levels.” — Oliver Thylmann, Giant Swarm's Co-Founder and CCO