WorkPoint receives ISAE 3402 declaration for optimised internal procedures
WorkPoint has been through a major process to optimise organizational security. The work started with optimising information security policy and the ISMS based on the ISO 27001 standard. This has now resulted in an official ISAE 3402 declaration from Deloitte.
ISAE 3402 declaration improves procedures for security policy
Over the past few months, a newly established internal IT security organisation has worked on ensuring consistency between WorkPoint’s internal procedures and ISO 27001 security requirements. The group is represented by members of WorkPoint’s senior management, middle managers and operational staff, in order to ensure a complete internal assessment.
The ISAE 3402 declaration includes an overall assessment of IT business processes, which can affect or is a part of the financial report such as development, operation and documentation. It also includes an assessment of more tangible factors, where the audit has reviewed the placement and location of services, data and more.
Quality Manager, Frank Christensen, who has been the contact person for WorkPoint during the process, highlights the optimised security standards:
We have created a security policy based on the ISO 27001 standard. The combination of well-documented guidelines, contingency plans and risk management really provides us with a strong foundation for delivering a high-quality product. We have elaborated our operational plan for handling incidents and risks in the development process, which supports our proactive approach to security management.
The security policy also includes an annual assessment, where the internal security group will conduct a thorough audit in accordance with the ISAE requirements for legal and security compliance.
Responsibility for high-level security management
For WorkPoint, the ISAE 3402 declaration is a necessary security element. Several industries and businesses have strong requirements regarding controlled processes, and as software supplier for international enterprises in highly regulated industries such as manufacturing, financial services, public sector and the energy sector, then WorkPoint must ensure compliance with the required security level.
According to Frank Christensen, the ISAE 3402 declaration contributes to WorkPoint’s status as a reliant and competitive software supplier:
The ISAE 3402 declaration offers our users a sense of quality and security. For many organisations, it is vital to provide documentation of audits performed by external and independent accountants, and we always strive to provide our users with assurance that we have controlled procedures to maintain their WorkPoint solutions.
The ISAE 3402 declaration was conducted in collaboration with Deloitte, who also assisted in preparing a GAP-analysis in order to achieve compliance.