Tikabu's ISO 27001 certification journey
Obtaining ISO 27001 certification is a major accomplishment for any company that takes information security seriously.
ISO 27001 is a globally recognized standard for information security management systems (ISMS) that helps organizations manage and protect their sensitive data.
In this article, we will discuss how Tikabu obtained ISO 27001 certification.
So, why did we pursue ISO 27001 certification?
At Tikabu, we understand the importance of protecting our clients’ data and maintaining their trust.
We also recognize that ISO 27001 is a widely recognized standard for information security that can provide our clients with the confidence that their data is being handled with the utmost care.
As a result, we made the decision to pursue ISO 27001 certification and set out on the path to achieve it.
As a first step, we needed a way of structuring our ISO 27001 approach that would not reinvent the wheel with policies and procedures and would use as much automation as possible.
We had previously tried to leverage open-source tools and frameworks, but we eventually decided to look for an off-the-shelf product to assist us on this journey.
The product selection journey began in June 2022 when we started researching various options to help us improve and manage our information security management system (ISMS) and facilitate the certification process.
After careful consideration and evaluation, we ultimately selected Vanta a few weeks later.
What we liked most about Vanta (besides the platform features) were the fortnightly meetings we had with a Vanta representative. These helped us stay on track and enabled us to seek clarification and advice on the various aspects of the ISO 27001 documentation.
ISMS and scheduling internal and external audits
The first step in obtaining ISO 27001 certification was to establish an information security management system (ISMS) that met the requirements of the standard.
This involved identifying the assets we needed to protect, assessing the risks associated with those assets, and implementing controls to mitigate those risks.
We also established a system for monitoring and continually improving our information security practices.
Our internal audit was completed in November 2022, and we were able to move through the remaining certification stages in a timely manner.
The stage 1 external audit was completed in December 2022 followed by the stage 2 external audit in January 2023, and we obtained our certification in February 2023!
Global Compliance Certification (GCC) was the external auditing firm we used. The auditor was professional, thorough, and provided valuable feedback that helped us improve our ISMS.
Before you ask: no, we didn’t end up obtaining ISO 27001:2022! By the time it was available, we were already on our ISO 27001:2013 journey, but not all is lost: Vanta tells us that we are almost there already with the work we have previously completed!
Obtaining ISO 27001 certification was a significant milestone for us. We hope you found this article useful, and please reach out directly if you have any questions.