Custom Connect has further proved its commitment to the quality assurance of its services and processes by obtaining an ISO27001 certification. For a company that serves some of the biggest global brands on the planet with enhanced data communication services, this information security management certification underlines their dedication to customer security.

ISO27001 certification is just one element in an extensive program at Custom Connect to keep Information Security of the Managed Data Communication Services Provider at the highest level across the company. In fact, Custom Connect is at the forefront of this quality and continuity-oriented approach within their market.

“When you are the preferred data communication provider of the largest global enterprises on this planet, you must comply with the highest requirements for security and business continuity. That goes far beyond just ticking the right boxes in a procurement questionnaire," explained Olav van Doorn, CEO, Custom Connect. "These companies carefully inspect how you operate and what you actually do to protect their data and to secure their communication. That’s why we always have been very keen on quality assurance of our services and processes -- and even more so with all the security incidents and data breaches in mind that make the news on a daily basis.

To obtain an objective review of its quality status, the company went through the rigorous ISO27001 certification process.  

“We have always operated along ISO standards and practices and it is rewarding to get this confirmation from ISO itself. The auditor complimented us for having implemented the ISO27001 ways of working for what they are meant for: the full implementation of the code for Information Security in all primary business processes," Van Doorn went on to say. "Many companies do just a little to get the certificate, we adopted all the works. It is a pity that ISO27001 does not show gradations in the scope of the standards that have been adopted. As an example: many companies have ISO-ed just their physical access policies, but we went all the way by adopting military grade ISO compliance across the company and all our processes -- including ongoing awareness programs."

One important aspect of every approach for Information Security -- ISO, GDPR and the like -- is the classification of data. At Custom Connect, all data that are related to customers have the highest, ‘critical’ classification during the end-to-end customer lifecycle: registration in CRM, quotations, service delivery handovers, invoices, support tickets, e-mail. All data about Custom Connect customers are encrypted are handled with the highest levels of confidentiality.

“We are like a bank in handling our data. That includes the separation of responsibilities in associated processes. The process owner is always supervised by someone else, who is supervised by our CSO, who is supervised by a fourth pair of eyes.”  

Getting to this quality level was a long, intense process but ultimately the best choice. “We made mistakes and encountered pitfalls. For now, we are happy with the results. But we see this is a continuous process and we will proceed with an ambitious improvement plan. As a transparent company, we are willing to share the lessons we learned in our journey. Simply contact me to learn from our experiences,” invites Van Doorn.