The ISO 27001 series certification confirms the all-round excellence of Forship Engenharia and HMSWeb Tecnologia da Informação.
The commitment of the Forship Group teams was decisive for the first certification in Information Security (IS) of Forship Engenharia and HMSWeb Tecnologia da Informação. The companies already had the ISO certification series 9001 (Quality Management), 14001 (Environmental Management) and 45001 (Occupational Safety Management). “We are always looking for absolute excellence in all our activities and operations. That is why we sought this certification”, says the president and CEO of the Forship Group, Fabio Fares.
”It took six months of hard work that resulted in both companies being certified in the 27001 series (Information Security) with the 27701 (Privacy) and 27018 (data privacy in cloud computing) extensions. We are one of the first Brazilian companies to achieve certification in the most recent version, from 2022, which contains a modernization of several controls and concepts”, celebrates Luciano Gaete, CEO of HMSWeb and IT director of the Forship Group.
The executive highlights that the certification is extremely significant, particularly technically, but also for business and the image of the Forship Group. “It was imperative that our processes, procedures and information systems were reviewed from the perspective of information security, protection and privacy of personal data and corporate data, including certifying our compliance system with the LGPD (”Brazilian General Data Protection Law“),” adds Gaete.
METICULOUS WORK
According to him, over the course of approximately six months the team from both companies carried out a thorough analysis of information assets, internal and external threats and vulnerabilities.
“We mapped hundreds of actions to mitigate or eliminate such risks, thus raising the Forship Group’s level in these areas as well”, he points out. He states that, from a commercial point of view, the level of demand from customers is increasing in terms of the confidentiality of the information handled, in addition, of course, to its availability and integrity. On top of this, there are the privacy requirements of the LGPD.
“In this sense, the new certifications are already giving us and our customers the assurance that we treat the data to which we have access and which we store in our systems very seriously and professionally, improving, for example, our image and reputation in the market, not to mention a better score in vendor lists, explains the executive.
CHALLENGE OVERCOME
Luciano Gaete points out that the great challenge was to cross reference the enormous amount of information assets with internal and external threats, analyzing and implementing, case by case, the best mitigation, elimination or even acceptance action, as the case may be. “Another big challenge is everyone’s training and awareness! The most important point in IS, contrary to what it may seem at first, are not the IT systems and tools, but us, the users!”
The big challenge now, according to the two executives, is not to let one’s guard down, to maintain focus and constant concern with IS, incorporating IS practices into the company’s culture and day-to-day activities, in all areas of activity, following the procedures of our brand new ISMS (Information Security Management System), maintaining a continuous evolution of the system, according to the needs of the Forship Group and customers.