OpenApp achieves ISO27001 certification
OpenApp is delighted to announce that we have now attained ISO27001 certification through a huge amount of collaborative effort by our team. We have always strived to provide the most secure systems and services so achieving this accreditation is a massive affirmation of the work the team has been continuously doing over the years. This standard is incredibly important for us as a company because it aligns with our core mission statement of providing the best solutions for our clients whilst protecting the integrity of their systems and data.
What is ISO 27001?
Developed by the International Organization for Standardization (ISO), ISO 27001 is the world’s best-known standard for information security management systems (ISMS). It specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS.
In more practical terms, these processes set a framework for recognising and systematically rectifying any potential risks or vulnerabilities, affording clients the peace of mind that their data is being treated with the industry's best in security standards. For us as a company, we wanted to be aligned with best practice in the industry to protect the integrity and confidentiality of the data we are processing, so ISO 27001 being the foremost certificate for security allows us to achieve this goal.
Why pursue a Security Certification?
As part of our core values and mission OpenApp has always endeavoured to create high quality and secure solutions for our Clients. A security standard, especially one as coveted as ISO 27001, helps us ensure that we are working to provide the industry best in system security and integrity. Not only did the process of achieving the certificate bolster our already extensive know-how on protection of valuable data/information, but it now gives both future and existing clients added comfort of knowing that we provide the most secure environment to safeguard their data.
How was it achieved?
ISO 27001 is the most thorough and meticulous security standard, and achieving the ISO 27001 Information Security Management Systems certification was the result of a huge amount of effort and involvement from every member of our team. The process gave us the opportunity to challenge ourselves to improve our service and provide the highest security and privacy standards that met or exceeded the needs and expectations of our customers.
OpenApp's certification was achieved through an extensive and rigorous third-party audit provided by Business Quality Assurance International Ltd (BQAI), an ISO17021 accredited certification body.
Interview with ISO 27001 Project Manager
To give you a more personal take on ISO 27001 and the steps taken to achieve it, here are a few questions fielded by David Cavanagh, our internal Security Expert, who was instrumental in OpenApp meeting the necessary criteria for the certificate:
Q: Why did OpenApp choose the ISO 27001 standard?
A: ISO is the largest developer and publisher of international standards in the world which includes the leading international standard for information security management. Given that we have clients all over the world it was essential for us that we choose an internationally recognized standard such as ISO 27001.
Q: What do you think was essential for achieving ISO27001?
A: I established an Information Security Management System (ISMS) steering group consisting of myself, the CEO and senior management from each department that met on a weekly basis. Every week we would discuss and review risks, update policies and procedures. It was an excellent exercise, and having representatives from every department made new procedures far easier to disseminate and employ company-wide. This steering group was essential for assessing our readiness to have a 3rd party auditor come in.
Q: What does this mean for our clients?
A: I believe that maintaining the highest standard of information security for ourselves and our clients is essential; it makes it easier for us as a company to have clear and concise security standards that we have to meet. This certification proves that we have the procedures in place to protect our clients' information.
Q: How will we ensure we keep meeting the standard?
A: An ISO 27001 certification is not a one-and-done standard. To maintain it we must have our auditor return on an annual basis during the two calendar years following certification to reassess the continued conformance of our ISMS to the ISO 27001 standard. We have established a standard operating procedure for the ISMS steering group meeting continuously every 2 weeks to ensure we:
• Continually and proactively evaluate and mitigate potential security risks
• Have ongoing security awareness and training for our staff conducted by a third party
• Employ a specialist security company, Commsec, to assist with internal audits to ensure maintenance of standards outside the 3rd party audits. The steering group will discuss when these internal audits are to be conducted and review their findings
• Regularly assess and vet our Vendors to ensure standards are not at risk through their activities.
“Using this collection of standards helps reinforce and support our organization to manage the security of assets and data entrusted to us by our customers and their clients.” Keith Ó’Muirí, Head of Professional Services.
"This certification provides an additional assurance to our valued customers when evaluating the quality, breadth, and strength of our security practices." - Con Hennessy, Managing Director
To find out more about our custom software solutions, or to talk to us about similar work you may undertake, contact us here