Celfocus recently obtained ISO/IEC 27001:2013 and ISO/IEC 27701:2019 certifications in the development, delivery and maintenance of technology solutions, together with all support processes. In practical terms, Celfocus is consolidating its commitment to embracing and ensuring best practices in information security and personal data protection while developing digital transformation solutions for its customers.
Celfocus’ portfolio has customers from more than twenty-five countries, all leaders in the telecommunications and financial sectors which, by the nature of their business, have high demands for the security of their information and protection of their personal data. Celfocus provides systems integration services to these companies using cutting-edge technologies focused on the Digital and Cognitive segments. For the entire operation to be successful, the various organizational areas which helped to standardize information security and personal data protection practices were involved.
Luís Anselmo, Information Security Manager at Celfocus, says that “information security and data protection play an increasingly more important role on the agenda of organizational decision-makers. At Celfocus, we are aware of the importance of these issues, which is why, in addition to having implemented all processes to comply with security and personal data protection requirements, we are also moving forward with certification from the Portuguese Certification Association (APCER). This is a way of unequivocally committing ourselves to what is most important to our stakeholders – the protection of their information.”
In the case of standard ISO/IEC 27001:2013, its adoption primarily revolved around the fact that it is recognized by the majority of the company’s customers, making it easier to work with their teams and above all setting a performance standard for information security in the activities carried out by Celfocus’ teams.
In addition, given the importance of protecting personal data, both internally and on behalf of customers, standard ISO/IEC 27701:2019 was adopted, whose requirements guarantee the secure processing of personal data in accordance with the General Data Protection Regulation (GDPR), together with compliance with legal and regulatory requirements applicable in the various regions where the company does business.
APCER was chosen for being the previous certifying entity of the remaining certifications held by Celfocus (ISO 9001, ISO 14001 and ISO 45001), and for being a benchmark in Portugal. Phase 1 of the concession audit was done in May. Given the maturity of the information security and privacy management systems, phase 2 was done soon after in June, and the process was wrapped up with the issuance of certificates in July.
These new certifications will boost confidence among customers, partners, suppliers, and employees.