At Kaunt we are proud to be one of the first IT companies to have a SaaS solution that is both ISO/IEC 27001 and 27701 certified.
We've asked our DPO, Marie, to give her view on security and certifications in an AI company like Kaunt. Here is her experience:
As an essential part of handling public and private customers’ accounts payable invoices, Kaunt handles large volumes of data that contains varying degrees of personal data and sensitive data concerning persons.
As a small, agile and innovative fintech company, Kaunt needs to have internal processes that ensure efficient development processes, thorough documentation and a high level of information security and data protection. These elements are part of the foundation for further growth of the company. And being certified in ISO/IEC 27001 and 27701 not only constantly keeps us up to date but also gives our customers proof of our commitment to data security when we handle their data.
In my opinion there are three main reasons why an organization should be ISO/IEC 27001 and 27701 certified:
Establishing an ISMS (information security management system) and PIMS (personal information management system) requires an organization to draw up a framework for information security and data protection. This in turn means implementing policies and processes that highly contribute to streamlining the organization in all aspects.
To become certified in information security and personal data protection is a management decision, where top management shows a commitment to meeting very high standards in the market.
Customer demands and external stakeholders
When an organization handles data on behalf of public and private customers, there are high demands to ensure a sufficient level of information security and data protection.
Data breaches are one of the biggest information security risks at the moment. Personal data can be used by cyber criminals to blackmail organizations.
For these reasons customers tend to require their suppliers to demonstrate sufficient evidence of maintaining a high level of security.
Meeting high standards of information security and data protection increases the competitiveness of an organization and thus creates trust with external stakeholders.
The introduction of GDPR has put significant pressure on all - but in particular smaller - companies.
Being compliant with GDPR calls for a structured approach to handling personal data and information security in all aspects of the company - from personal data in CRM systems to deployment of new code in a SaaS solution.
Adherence to acknowledged standards helps Kaunt work efficiently, ensure the highest standards of compliance and create trust with internal and external stakeholders, partners and customers. So our certifications are not only a badge on the website or a poster on the wall; they are a way to make sure we retain the highest data security standards and keep the entire organization up to date.