Insufficient documentation of security and resource-intensive responses to security requirements from potential new customers was a major challenge for eSmart Systems. When they decided to implement ISO27001, a journey began that not only solved these problems but also provided them with a competitive advantage.
Background: From need to certification
eSmart Systems is a leading provider of AI-driven services and solutions for the inspection and maintenance of critical energy infrastructure with customers in many countries. These customers have high demands for documented management and governance of security based on standards such as ISO27001 or NIST from their suppliers.
eSmart Systems, led by CTO Erik Åsberg, wanted to strengthen its position in the market through better management of information security.
The goal was clear: ISO 27001 certification. This was to be achieved in a short time – a demanding ambition that required expertise. The solution? To collaborate with Dunamis Technology and their CEO Ronny Stavem as a virtual Chief Information Security Officer (vCISO).
The challenge: A difficult terrain to navigate
ISO 27001 is a management system for information security (Information Security Management System, ISMS). An ISMS is a comprehensive framework that ensures information security is managed systematically and holistically, based on risk analyses and management decisions.
Four or five years ago, the concept of "CISO for hire" was little known. eSmart Systems faced a complex journey: to build a complete management system for information security while balancing resources and time. Where should they start? Would the implementation of ISO27001 be too time-consuming and bureaucratic? Would it hinder innovation and flexibility?
The management at eSmart Systems understood that information security was crucial for the business, and that an ISO27001 certification would provide them with a solid framework for managing security risks. However, they needed a partner who could guide them through uncharted territory.
The solution: A partner in Dunamis Technology
Ronny Stavem stepped in as vCISO for eSmart Systems and led the process from start to certification. With deep knowledge and a comprehensive toolkit, he helped eSmart Systems establish a robust information security system. The system covers everything from risk management to protection of software, contracts, and mobile devices, to incident management plans for business continuity in the event of a cyber incident.
- Effective implementation: The certification was completed in impressively short time. Dunamis Technology managed the project, ensuring a seamless implementation.
- Security culture: The implementation was not just about technology and processes, but also about people. eSmart Systems has focused on building a strong security culture through monthly safety training and continuous improvements.
Results: Competitive Advantage and Value
The certification has provided eSmart Systems with several advantages:
- Increased trust: Customers are now actively asking if eSmart is ISO certified and has an information security system, and with the certification in place, they can confidently respond with a "yes." This serves as a strong sales tool and gives them a competitive advantage in the market.
- Better risk management: The security system provides eSmart with an overview of its resources and helps them make informed decisions about which assets need to be protected.
- Cultural change: Security is now part of the organization's backbone, thanks to regular training and a shared understanding of the importance of information security.
Long-term collaboration
The success of the ISO 27001 process has led to a long-term collaboration between eSmart Systems and Dunamis Technology. Dunamis now acts as a trusted advisor and supports eSmart Systems in maintaining and further developing their security systems. Ronny Stavem's role as vCISO has been crucial in building a robust security infrastructure and a security-conscious organization.
Customer's perspective
According to Erik Åsberg, eSmart Systems would not have achieved the certification without Dunamis:
"Dunamis asked the right questions and guided us through the process. Their expertise and toolbox were indispensable."
He also emphasizes the value of having a partner who can provide continuous support and advice. “We must always be aware of building a good culture around the work with ISO 27001 certification, otherwise we will never get the employees on board. It helps to have a partner who guides us in the right direction,” Åsberg points out.
The Future
eSmart Systems envisions a long-term relationship with Dunamis Technology, where the focus remains on security and continuous improvement. The organization is now better equipped to face future challenges, with a solid security culture and a system that can withstand today's and tomorrow's security threats.
Conclusion
eSmart Systems, with support from Dunamis Technology, has achieved significant results in information security. By implementing a robust information security management system (ISMS) and obtaining ISO 27001 certification, eSmart Systems has not only met international security standards but also strengthened its competitive position in the market.
Dunamis Technology has been a crucial partner throughout the entire process. With Ronny Stavem as vCISO, eSmart has gained access to expertise, tools, and strategies that have enabled a rapid and effective implementation. This support has contributed to a cultural shift within the organization, where security is now an integral part of everyday life.
The result is an organization that not only protects its own values but also meets customers' expectations for information security. With a solid ISMS in place, eSmart Systems has established a lasting platform for security, trust, and future growth, while benefiting from continuous support and advice from Dunamis Technology. This collaboration has shown that the right partner can be crucial for navigating the complex requirements of modern information security.
