How to choose a reliable supplier according to ISO 27001 

Choosing a supplier is not an easy task, especially in the information era. For this task to be successful, it is necessary to evaluate criteria such as quality of service, information security, and data privacy, some factors met by standards and the ISO 27000 family, a set of information security and data protection certifications for companies and public agencies. 

First of all, in any business, information security is a strategic issue that cannot be ignored. Companies that seek optimization of processes and routines, improved communication, efficiency in business management, cost reduction, and maximization of results need to rely on good suppliers to provide adequate solutions. 

As the dependence on some suppliers is unquestionable, the best way is to outline a strategy for them to become a partner that contributes to the success of the business, and certifications are a great way to do this. 

The Importance of Information Security

Have you ever stopped to think about the difference between privacy and security? To better elucidate this concept think about the following analogy.  

You come home and expect to have a moment of privacy doing something you enjoy, but your house has no doors and someone comes in, invading your privacy.  

If your house had doors, you could close them, ensuring your privacy at that moment. However, since you don’t have them, you don’t have a security system that allows you to have privacy. Is the concept clearer now? 

Information Security goes far beyond data protection, it is a framework that protects information based on three pillars: Integrity, Availability, and Confidentiality.  

• Integrity: ensure the quality of the information so that it remains complete and unaltered;  
• Availability: ensure that the information is available for consultation regardless of external factors such as power outages and internet unavailability by the supplier; 
• Confidentiality: keep the information restricted only to those responsible and duly identified. 

The truth is that with the arrival of technology in all areas, adapting your internal processes according to information security guidelines and meeting local regulations for the protection of personal data is to assure your customer of a robust and reliable product or system. 

Regulatory Standards and Information Security Management 

The norms play a role in determining guidelines that guide the execution of activities, establishing standards that guarantee excellence in all the execution. 

ISO/IEC standards are technical standards aimed at structuring organizational processes. In the case of ISO/IEC 27001, it establishes guidelines for managing Information Security support systems. 

Through it, companies commit to adhere to information security guidelines, creating an information protection framework that will result, among other things, in data protection. 

How to choose a reliable partner  

Certifications such as ISO/IEC 27001 and ISO 9001 are voluntary, that is, they are acquired by the company’s will to improve its internal processes and not just to do the basics in complying with the law.  

In a 2021 survey, it was found that in Brazil only 165 companies were ISO/IEC 27001 certified out of a total of about 18 million active companies in the same year. This figure is not even 1% of the total number of Brazilian companies.  

Although advertising plays a big role in the purchase decision process, the recommendation of others is the biggest differentiator when making a new purchase. Buying something with guarantees of origin and quality makes the decision process easier.  

The same logic works when it comes to choosing a reliable supplier. Choosing certified companies guarantees a satisfactory delivery at the end of the deal.  

Therefore, taking into account your supplier’s concern in delivering a service/product with its certified management systems is a factor that should be considered when choosing a good business partner.  

Dynamox has been ISO 27001 certified since 2021, an internationally recognized certification. The implementation of the information security standards was accomplished in record time by the company, in only 9 months. 

Our commitment to continuous improvement 

Continuously advancing in the processes of personal and professional development is a characteristic of the Dynamox team. Therefore, in the year 2022, Dynamox went in search of complementing its certifications.  

In December the company was certified in two complementary norms to ISO 27001. These are:  

• ISO 27701: an extension of ISO 27001 aimed at bringing organizations in line with the General Data Protection Act of Brazil (LGPD) and General Data Protection Regulation (GDPR) controls on sensitive data; 
• ISO 27018: a code of practices focused on protecting personal data in the cloud. 

Dynamox also has ISO 9001 certification for its Quality Management System. Thus, bringing quality and safety in its internal processes and in the services provided.  

Learn more about Dynamox’s liability policies and procedures.