During 2023, the Evondos team worked hard to fulfil our customers’ expectations and strengthen our information security way of working. In December, we were rewarded for all the hard work when we passed our ISO 27001:2022 certification audit.
ISO 27001 is the leading and most recognized Information Security Management System Standard. It sets a framework for risk management, cyber-resilience, and operational excellence. This ISO security framework’s purpose is to protect companies’ (and their customers’) information systematically and effectively.1 On top of that, it is a perfect complement to ISO 13485 (QMS for Medical Devices2), which Evondos has also received a certification for.
Compliance with a recognized Information Security standard, although not mandatory by regulation, is in our opinion vital to any company, let alone to any health tech company. And what is a better way to show compliance than a widely recognized certification?
The decision to take on this sizeable project was made not only to protect us but also to protect our customers. When working with a supplier who operates under a certified Information Security Management System, the customer can rest assured that the supplier handles their data in a safe and secure manner and that their products are safe and secure to use under the MDR.
The topic of Information Security is even more important in today’s world than it has ever been before. With cybercrime at an all-time high, having a standardized and effective way to identify and control risks and threats that could affect our products and services is vital. Staying vigilant against identified and suspected threats to products and services offers our customers not only a sense of security but also peace of mind that the Evondos products and any information in our care are safe against cyber threats.
ISO 27001 also emphasizes continuity. Availability of the Evondos Service is key and minimizing the effects of any incident is critical. With a standard and certified operating model, we have the means to work towards reducing incidents, but we also have a way to learn from potential incidents and through that, continually improve our way of working and our products.
This is what our IT Director Krista Lind thinks the certificate means for Evondos:
“The ISO 27001 certificate demonstrates to customers and stakeholders that our information security management system is at the highest level. The required principle of continuous improvement ensures we have up-to-date tools and methods for maintaining information security. With the certificate, we take pride in being recognized as pioneers in our industry, providing a competitive edge in today's digital landscape.”
1 ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection. Accessible at https://www.iso.org/standard/27001
2 ISO 13485:2016. Medical devices, quality management systems. Accessible at https://www.iso.org/standard/59752
The writer of this blog article works at Evondos as a Quality & Regulatory Affairs Director.