Our goal? Making
Appronto recently became ISO 27001 and ISO 9001 certified, after a process that we started together with Molenaar & Plasman. ISO 27001 is a globally recognized standard for information security. It describes how to organize information security so that the confidentiality, availability and integrity of data are guaranteed. ISO 9001 is an international standard that sets requirements for an organisation’s quality management system.
The certifications are proof that Appronto has things in order in the field of information security and quality control. We spoke with Appronto CFO Ronald Beer and M&P consultant Stefan van Nifterick about the process and the benefits of ISO certifications.
According to Ronald Beer, the reason to go for an ISO 27001 certification partly arose from a concrete customer need. “More and more customers have asked for this widely recognized information security certificate. We also see that more and more companies within our industry have this certification. In addition, we regularly work with sensitive information such as personal, medical and financial data. So it gradually became a must.”
With regard to ISO 9001, the situation was slightly different. This standard relates to quality management. It enables organizations to demonstrate that they consistently deliver products and services that meet the quality requirements set by customers.
“Our desire to also achieve ISO 9001 arose mainly from our own needs. We set high standards for our own quality standards. The ISO 9001 certification is a great tool for embedding it in a good quality management system,” says Ronald.
Ronald indicates that he was a bit hesitant about the entire certification process. “I have to admit that I wasn’t really looking forward to it at first. Certainly in the case of ISO 27001 you still have to deal with the necessary bureaucracy. You have to fill out many documents and formalize processes.
Fortunately, Molenaar & Plasman helped us very well with this. Joris van der Goes has done a fantastic job with his tenacity and direction, while filling in the documents was also a lot easier with the templates from Molenaar & Plasman.”
According to Stefan van Nifterick, it is especially important to consider ISO as an essential part of your company philosophy. “It is not a job that you just do with two or three people, but an organization-wide process in which you give everyone a voice. It is also an ongoing process. Compare it to a car. You also have to maintain it if you want it to continue to drive well. Appronto realized that very quickly.”
But what exactly did the ISO process look like? It started with a number of risk sessions in which Molenaar & Plasman mapped out all the opportunities and risks. According to Stefan, Molenaar & Plasman always approaches ISO certification processes from three perspectives. “We focus on the organisation, the technology and the people.”
The risk sessions led to a blueprint for the ISO implementation, which Appronto then adapted to its own company. Then came the implementation. An important goal of this phase was to involve as many people as possible in the ISO certification process.
After the implementation came a test in the form of an internal audit by Molenaar & Plasman. “This was a good way to identify areas for improvement and to prepare the organization for the external audit,” says Stefan. Then the moment of truth arrived: the external audit by DNL.
For Ronald, it was anything but a disappointment. “It was a breath of fresh air. I really expected a strict auditor in a tight suit. In reality, he was an energetic and enthusiastic man with a very positive mindset. Of course he pointed out some small areas for improvement, but he was impressed with how we handled the first audit.
The interviews showed that our desire to obtain the ISO certifications was not only conceived at a strategic level. Our people are really working on it and radiate that. That also fits with our philosophy: no empty slogans on paper, but live according to the idea that you want to propagate in your field. Of course sometimes things go wrong, but what matters is what you do with it and how you solve it.”
But what is the concrete added value of obtaining the certifications for Appronto? “The ISO 27001 certificate is proof that our information management is in order. In the field of password management, for example, we only work with LastPass and pay a lot of attention to security training for our employees. As a result of this process, we have also created a multi-factor authentication module for Mendix applications. We make it available free of charge in the Mendix app store.
ISO 9001 has encouraged us to map processes even better and to record all complaints explicitly and in a structured manner. We think even better about how we can do better next time and have a well-functioning and robust quality management system that we continuously optimize. Moreover, not everyone in our industry has an ISO 9001 certificate. It’s an important part of who we want to be.”
Stefan also emphasizes the advantages of the double ISO certification. “It gives your processes an extra quality boost and confirms that you are doing well. But it also helps Appronto take a more robust position within the IT market. Also in the field of sales, a double ISO certification can be of great benefit to you. It is something that you no longer need to discuss in exploratory conversations with potential customers and partners.”