WIB Attains ISO 27001 Certification for Information Security: A Conversation with Luca Salvatori
- 14 July 2023
- Elena Federici
Pictured: Claudio De Girolamo, Operations Director of WIB (left), and Luca Salvatori, Service & Process Director of WIB (right)
In our rapidly digitalizing world, the importance of information security for all businesses is paramount. Companies are now expected to implement an ISMS – Information Security Management System – to safeguard their operations.
The ISO 27001 certification serves as the gold standard of validation for an effective ISMS. It aids in identifying, managing, and diminishing a host of risks related to information security.
We at WIB embarked on this journey towards ISO 27001 certification and are proud to announce that we achieved this critical milestone at the end of June this year. As of June 29, we are officially ISO 27001 certified by the DNV certification body.
Luca Salvatori, our Service & Process Director, who joined WIB earlier this year, is here to share his insights about this achievement and its significance for our company.
Luca, we appreciate you taking the time for this interview. Could you tell us more about yourself and your role in facilitating our ISO 27001 certification process?
After several years in a software company, where I served initially as a sales director and later as managing director, I was invited to join WIB as a minor investor and contribute to the operational management of the company. WIB, as a lean entity, like many innovative start-ups elevated to SME status, needs to bolster its organizational structure to compete effectively with larger, more internationally oriented firms that operate with more defined processes and procedures.
Our pursuit of the ISO 27001 certification aligns with WIB’s intention to structure itself to better accommodate the needs of such entities.
When I joined the company, the certification process was already in motion, with my colleague – and partner – Claudio De Girolamo having executed commendable preparatory work. Dedicating myself wholly to this endeavor, I assumed both a coordinating and operational role to conclude the outstanding activities and adhere to the certification body’s timelines. The methodical and organized approach I garnered in previous roles proved invaluable in achieving this critical milestone for WIB’s growth.
What are the main benefits WIB and its clients have reaped from this certification?
In Italy, while some certifications, such as the renowned ISO 9001, are commonplace, few companies have invested in the ISO 27001 certification. This discrepancy can be attributed to the need for increased awareness about information security and the objective difficulties tied to the plethora of requirements that must be fulfilled and sustained over time. Nonetheless, this certification is critical, and increasingly so for firms like us, operating in the software and ICT domain. Implementing and maintaining globally recognized standards for information treatment is an essential assurance of reliability for customers. It also serves as a competitive edge in a market where few firms have truly prioritized this aspect.
Could you share any specific challenges you faced and overcame during the certification process?
As a new addition to WIB, the biggest hurdle was rapidly understanding the myriad internal mechanisms (processes, procedures, controls, etc.) of the company to accurately document them in line with the certification process requirements. I owe a great deal to my colleagues who supported me in reviewing the more technical aspects.
However, an even greater challenge – and opportunity – lies ahead: to uphold the commitments associated with the obtained certification, continuously enhancing the security of our processed information, and aligning our activities with international best practices.
Now that WIB is ISO 27001 certified, what are the upcoming steps to maintain and further enhance the company’s information security?
The ISO 27001 certification is just the beginning of a process that must be reaffirmed annually through periodic audits. In these, we must demonstrate that we have made the expected improvements in response to the feedback from previous audits. Every company can always improve its information security, marking a long-term journey where the quality bar for the experience offered to the market is consistently raised.
Do you have any advice for other companies contemplating ISO 27001 certification?
My primary advice is to instill and strengthen an organizational culture aligned with the ISO 27001 principles. Without this crucial step, any certification might merely exist “on paper,” perceived more as a hindrance than an opportunity. However, if you can integrate the guidelines from the certification process into the everyday operations of your organization, ISO 27001 can prove to be a valuable ally for your company and its market proposition.
We extend our gratitude to Luca for sharing this accomplishment with us and congratulate him, Claudio, and the entire WIB team for attaining this certification. For those interested in learning more about our smart locker offerings and software solutions, our specialists are always available!