Our ISO Certification Journey
by Harriet Emesomhike Dako
YouVerify got certified for ISO 27001 and ISO 27018 on September 20th, 2020. Amid the pandemic and lockdown, we had to start the certification process irrespective of what was going on.
Getting this certification was a great project for us as a tech company responsible for people’s PII (Personally Identifiable Information).
Harriet Emesomhike Dako was the project lead, acting CISO, and Internal Auditor for the team. Alongside her were other team members: Famous Ehichioya (Chief Technology Officer), Similoluwa Opayemi (In-house Legal Counsel and Data Protection Officer), Anita Ebere Okwuowulu (People Operations Specialist), and Gbenga Odegbami (Chief Executive Officer), who was there with us and contributed greatly from the beginning of the project until we got certified. Other staff members also contributed to the certification process.
Why have we decided to get the certificate?
Security is vital to businesses, so it is important that we take appropriate steps to ensure that proper security measures are put in place. ISO 27001 is the best-practice approach to ensure that we manage our information security properly by being compliant with the standard.
ISO 27018 is the best practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors, and it focuses on protecting personal data in the cloud.
Given the nature of our business, getting certified for ISO 27001 and ISO 27018 will ensure that our customers’ data and information, irrespective of where they reside, are well protected and secured.
For all our investors, this certification gives the assurance that we have put together adequate security controls to ensure that risks are professionally managed.
The Certification Process
As a team, we first had to understand what the standards required, and by doing so we got a clear understanding of the process involved. With that knowledge, we analyzed our existing ISMS (Information Security Management System) and compared it with the ISO/IEC 27001 and ISO/IEC 27018 standards. By carrying out this analysis, we were able to figure out what needed to be done and how to go about the implementation. This was done by conducting a risk analysis on our existing systems and processes and applying adequate controls to mitigate those risks according to the ISO/IEC 27001 and ISO/IEC 27018 standards.
After that, we conducted an in-house internal audit to ensure that we were in conformance with what both standards required. During this internal audit, we were able to identify issues and make corrections where necessary. Afterwards, a stage one audit was conducted by an external auditor to verify our conformance with both standards. A proper analysis was made, and we got feedback that enabled us to adequately prepare for the stage two audit.
The stage two audit was conducted in our office, where the external auditor got to speak with almost all the employees, asked questions, and made observations where necessary. It was a week of preparation and trying to get things right so we could get certified. Upon the successful completion of the audit, we were issued the certificate by the PECB MS certification body in ISO/IEC 27001:2013 and ISO/IEC 27018:2019, which are valid and renewable after three (3) years.
Trying to get certified for both ISO/IEC 27001:2013 and ISO/IEC 27018:2019 during the pandemic period was not an easy task at all. We were faced with lockdown, and during this period we were forced to work remotely, which meant we were trying to get things done at the same pace we had already set irrespective of the situation at hand. It was not easy, but we overcame it all as a team.
We owe it all to God for making it possible for us to pull through irrespective of the situation we were faced with. We are also grateful to our certification body PECB MS and all employees of Youverify for their cooperation and contribution during the certification process. We could only have achieved this with such an amazing team, who are willing and ready to work and achieve goals. We are proud of what we have achieved, and we are bent on improving our systems and processes to better provide great services to all our investors.