‘ISO 27001 gives us that crucial edge over the competition’
Dutch start-up Nedscaper provides Managed Extended Detection and Response (MXDR) services from the cloud. With this, the young company fully relieves customers when it comes to detecting and limiting cyber risks. Nedscaper also supports organizations that want to organize their own cyber security and provides compliance services. This field of work places high demands on the safe and trusted handling of digital information. Lead compliance consultant Steijn Scheutjens explains how Nedscaper deals with this and recently saw its efforts in this area awarded with an ISO 27001 certification.
First of all, can you tell us a bit more about Nedscaper, Steijn?
Nedscaper's main activity is providing fully cloud-based MXDR services. With this we provide 24/7 protection against threats, we investigate a possible break-in, we provide insight into possible threats and we mitigate them for our customers. We also provide consultancy services to organizations that want to be in control of their cyber security. Finally, we are also active in the field of ICT compliance, across the board: from technical implementation to governance.
Which quality standards are important for your organization?
We see that in our market medium to large organizations who are looking for a partner in the field of cyber security often require their potential suppliers to work in accordance with ISO 27001. Further, our roadmap includes certification in the field of assurance and certification specifically aimed at our activities as a managed security services provider.
Why did you, as a start-up, directly go for ISO 27001 certification?
We have set ourselves the goal of providing our customers with the highest possible quality. Nedscaper would like to implement and propagate this both at the front and at the back of our organization. With the achieved ISO 27001 certification and the certification processes that we still have in store, we want to emphasize our commitment to continuous improvement and professionalization.
How have you translated the ISO 27001 requirements within the organization?
Since we are an organization that works completely cloud-based, it took some effort to implement the standard . But with the support of an experienced Kiwa lead-auditor and smart mutual coordination, we managed to do carry out the external audit.
Why did Nedscaper choose Kiwa?
Before we started the certification process, we already knew that we would not fit the 'standard profile'. That is why we also knew in advance that we had to work with an experienced certification partner, a specialist who is familiar with modern systems and working methods. And based on that profile, Kiwa was the logical choice for us.
This was the first certification process for Nedscaper. How did you prepare for this?
For Nedscaper as a company, this was indeed the very first certification process. But we have many people on board who have experience with audits. To get everyone in the organization up to speed, we have invested extra time and shared the available knowledge and experience in targeted sessions. And by making good use of the findings we got from Kiwa we remained in control from start to finish.
What’s your advice for fellow start-ups who want to go for certification?
Start preparing a timeline and deadline to achieve the certification, do your research well and make sure you know your relevant strengths, weaknesses and organizational challenges. Once you have that in mind, you can adjust the intended trajectory accordingly and look for a partner who complements you. As a start-up, you may be able to rely less on the existing 'institutional knowledge', but you are much more agile. Turn that disadvantage into an advantage by acquiring that knowledge and applying it quickly.
What would you have done differently?
The revised version of ISOISO 27001:2022, is more in line with our business model. In hindsight, we should therefore have waited a little longer with certification. But we felt that obtaining the ISO 27001 certificate last year was just that little bit more important. During the next audit we have the possibility to go for the 2022 version.
What benefits will ISO 27001 certification bring Nedscaper?
For our existing customers and prospects, certification is an external validation that demonstrates that our values, vision and working methods are reinforced and confirmed. That gives us that crucial edge over the competition.