Belatrix Software was able to recertify the ISO 27001 “Information Security Management Systems” standard. We interviewed its Process Area VP to know, among other matters, about the perceived business benefits and how the company’s business perspective was enriched.
Belatrix Software is a software engineering services provider that operates internationally, with offices in Argentina (Mendoza and Buenos Aires), as well as in Colombia, Peru, Spain and the United States. Always focusing on business quality and reliability, it recently achieved the recertification of its Information Security Management System, according to the “Software Development and Testing” scope. We talked to its Process Area VP, Mag. Gustavo Loubet, about the added value that the implementation of the ISO 27001 standard brought to the company.
–You have recently achieved the certification of your information security management system. What was the initial motivation to carry out this process?
-The main reason relates to the need to continuously improve and offer a world-class quality service and reliability.
-What were the specific new practices, in line with the standard, that you started to implement? How was your business perspective enriched?
-The main practices that had a direct and immediate impact on Belatrix (Nearshore software development) business were those related to information security risk management in early stages of projects, to then develop mitigation plans in accordance with our customers and validated with them.
-Do you think that the ISO 27001 certification allows you to build confidence in your relationship with your customers? How?
-In this type of business, where our customers invest significant sums of money, the reliability is very important. Here we ensured that information security practices could coexist with our work methodologies, allowing visibility and trust.
-As a result of this international certification, do you see any commercial benefits for your company? Which ones?
-The benefits are related to the possibility of attracting customers who value and need a service provider that manages and knows information security management practices. For Belatrix it is a very important competitive advantage, which we have been taking advantage of since 2015, when we obtained our first certification.
-Did the alignment of internal processes have an impact on the management of human resources? Did it have an impact on the hierarchical personnel?
–The impact on human resources management was direct and is a day-to-day process, since the company’s board of directors is 100% committed and pushes for the adequacy of the processes to the standards that we certify from the higher levels.
-Did you need to incorporate new technology throughout the successive implementations? Which one?
–Since our first certification in 2015, technology has always been accompanying changes, given that our business is supported by technological tools such as PCs, servers, smartphones and software development tools, among the most important ones.
-Do you intend to take on new certification challenges? If so, what are the steps you are planning to take?
-Like every technology company, being at the forefront is very important, as it is a key competence factor. We are evaluating the possibility of certifying the PCI standard (Payment Card Industry Data Security Standard) to add control practices on electronic payment management algorithms.
-What added value do you consider that IRAM seal gives to the certification?
-We chose IRAM as the certifying body because of its good reputation and its mark value. Auditors are able to understand the service provided by Belatrix when evaluating objective evidence.
Get in touch with us and we will answer your questionsSend inquiry