Pindena meets the ISO 27001 standard for information security
Publisert: 13.09.2024
In 2021, Pindena implemented internal controls for information security. This laid the groundwork for a new external audit in spring 2024. Heidi Martens-Lea is pleased with the results.
Security starts behind the scenes
Introducing internal controls naturally involves clear documentation and procedures that must be maintained. Heidi Martens-Lea, Pindena’s Information Security Manager (ISM), has worked closely with the team to ensure that security remains a priority.
“One of the most important things we deliver for our customers is security. After working consistently on this for several years, we can clearly see the benefits of having a structured management system. It helps us keep an overview and do an even better job,” Heidi explains.
Moreover, she wants security to be integrated into everything Pindena does — and the rest of the team fully supports this approach.
“In fact, security starts behind the scenes, with our staff. We must be able to demonstrate that security runs like a red thread through everything we do, to prove that our system is among the most secure registration solutions in Norway,” she adds.
Positive outcome from the 2024 security audit
In May, an external audit was carried out in collaboration with Chief Consultant and Project Manager Elin Huset from Relato and Stig H. Øksnes from Isox. Heidi reviewed existing measures and processes, and developed new elements required by the updated standard.
“Since the last audit in 2021, the standard has changed from the 2017 to the 2022 version. So there was some extra work involved in adapting to the new version,” Heidi explains.
“In the previous external audit, certain chapters were excluded, but this time everything was covered — including the Statement of Applicability (SoA) and several new guidelines and procedures. We discovered that much of this was already in place in practice, but not always documented formally,” she explains.
A reassuring confirmation — compliant with the ISO 27001 standard
Pindena has now received a compliance statement following the 2024 audit. According to Relato, Pindena has a clear competitive advantage through its alignment with the ISO 27001 standard. Elin Huset from Relato points out that only a few additional measures would be needed to achieve full ISO 27001 certification, though this would require an annual external audit.
“For now, we have chosen not to certify the company,” says Heidi.
“We see that the work we’re doing is sufficient. But it’s reassuring to have confirmation that everything is in order according to the standard — and that we could easily achieve certification if we decided to,” she concludes.
View the compliance declaration from Relato (NO)..