{"id":18809,"date":"2019-04-08T12:49:47","date_gmt":"2019-04-08T12:49:47","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/?p=18809"},"modified":"2024-11-12T12:20:02","modified_gmt":"2024-11-12T12:20:02","slug":"a-success-story-about-implementation-of-iso-27001-and-9001-how-online-platform-doccle-did-it","status":"publish","type":"post","link":"https:\/\/staging.advisera.com\/27001academy\/blog\/2019\/04\/08\/a-success-story-about-implementation-of-iso-27001-and-9001-how-online-platform-doccle-did-it\/","title":{"rendered":"A success story about implementation of ISO 27001 and 9001: How online platform Doccle did it"},"content":{"rendered":"<p>Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified? On your way to success, this is an important step, and this is just what <a href=\"https:\/\/doccle.be\" target=\"_blank\" rel=\"noopener noreferrer\">Doccle<\/a> did, when it broke out as a unique digital player in Belgium and beyond. It decided to implement <a href=\"https:\/\/staging.advisera.com\/9001academy\/what-is-iso-9001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 9001<\/a> and <a href=\"https:\/\/staging.advisera.com\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a> as a SaaS.<\/p>\n<p>This fast-growing online platform for administration began as a startup in 2014, and today it has 13 employees and 1.4 million subscribed end users, with a wide range of more than 100 companies delivering invoices and other documents. 
Doccle\u2019s Chief Operating Officer Peter De Rudder (47), who has been in the IT business for 25 years, talks exclusively for the Advisera website about what ISO implementation brought to the company, what problems they faced during the implementation, and how they resist the security and privacy threats related to online payment processing and document handling.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-18810\" src=\"\/wp-content\/uploads\/\/sites\/5\/2019\/04\/Peter-De-Rudder.jpg\" alt=\"Peter De Rudder, COO at Doccle, ISO 27001 certified SaaS company\" width=\"1200\" height=\"628\" srcset=\"\/wp-content\/uploads\/sites\/5\/2019\/04\/Peter-De-Rudder.jpg 1200w, \/wp-content\/uploads\/sites\/5\/2019\/04\/Peter-De-Rudder-300x157.jpg 300w, \/wp-content\/uploads\/sites\/5\/2019\/04\/Peter-De-Rudder-768x402.jpg 768w, \/wp-content\/uploads\/sites\/5\/2019\/04\/Peter-De-Rudder-1024x536.jpg 1024w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/p>\n<h4>Why did Doccle decide to improve its security and quality?<\/h4>\n<p>Doccle wants to be the trusted platform in these times of increasing risks. <a href=\"https:\/\/staging.advisera.com\/eugdpracademy\/blog\/2018\/01\/25\/how-will-gdpr-impact-different-industries\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR regulation also played a role<\/a>. Customers today are more vigilant about entering into an agreement with a vendor that does not take security seriously.<\/p>\n<h4>It seems that you are a young, unique company with competitors in Europe and worldwide. What makes you so unique?<\/h4>\n<p>The concept of <a href=\"https:\/\/doccle.be\/en\/what\/\" target=\"_blank\" rel=\"noopener noreferrer\">Doccle<\/a> is really unique in Belgium, but also across Belgium\u2019s borders. It is accessible to anyone, on mobile or PC, and your entire administration is located on one single platform. 
There\u2019s a guarantee of the legal retention period, you have full control of your document, security and privacy are at the core of our organization, and we are free forever for our end users, because our income comes from the companies that put documents on Doccle.<\/p>\n<h4>What global trends and predictions in the field of online payment and document handling do you expect?<\/h4>\n<p>We expect some big changes in the payment market once PSD2 is really up to speed.<\/p>\n<h4>What are the most concerning security and privacy threats and challenges related to online payment processing and document handling these days?<\/h4>\n<p>The online payment business is strictly controlled and security levels are really high. The same goes for the data handling of our users. The whole GDPR wave brought us more awareness on privacy and security, and as a company, you cannot neglect the importance that people are giving to this topic.<\/p>\n<h4>How does Doccle counter these threats?<\/h4>\n<p>Without going into details, it all starts with a secure development process and security testing. We put a lot of effort in there. Next to that, we have a partner responsible for our vulnerability scanning of the platform.<\/p>\n<h4>Do you perform any kind of security awareness training for employees, or maybe even for users?<\/h4>\n<p>Employees get regular awareness training through regular security tips. The Advisera <a href=\"https:\/\/staging.advisera.com\/training-account\/security-awareness-training\/\" target=\"_blank\" rel=\"noopener noreferrer\">security awareness training<\/a> is a good way to start quickly. 
As for the end users, we have a <a href=\"https:\/\/doccle.be\/en\/safely-online-on-doccle\/\" target=\"_blank\" rel=\"noopener noreferrer\">whole section<\/a> on our website to help them.<\/p>\n<h4>Which measures do you take to protect users from cybersecurity threats and unauthorized access?<\/h4>\n<p>We have technical measures in place: DDoS protection, IPS\/IDS, Firewalls, and Web Application Firewalls.<\/p>\n<h4>Which measures do you take to protect users\u2019 privacy?<\/h4>\n<p>We have set up \u201cChinese walls\u201d between the senders of documents. We have a <a href=\"https:\/\/doccle.be\/en\/safely-online-on-doccle\/privacy\/\" target=\"_blank\" rel=\"noopener noreferrer\">Privacy Policy<\/a>, and our goal is to be clear about the data we collect so that you are as well informed as possible about how your data is used.<\/p>\n<h4>Why did Doccle decide to implement ISO 27001 and ISO 9001?<\/h4>\n<p>With ISO implementation, our company undoubtedly earns a higher level of respect. Other objectives were improving our market image, strengthening our product, preventing the damage caused by potential incidents, and preparing for eIDAS European regulation and certification. Also, we needed to align with procedures and policies as defined in our GDPR program, and to comply with the security requirements coming from our senders. Compliance with eIDAS regulation is another important reason.<\/p>\n<p>We now have better documented processes and better security awareness of employees and partners. We document the \u201cunwritten knowledge\u201d of the company, and there is a lot of unknown knowledge in every company. 
But when doing an ISO exercise, you have to document it.<br \/>\n<img decoding=\"async\" class=\"size-full wp-image-18822 alignleft\" style=\"margin-top: 18px; margin-right: 25px;\" src=\"\/wp-content\/uploads\/\/sites\/5\/2019\/04\/Peter-De-Rudder-2.jpg\" alt=\"Peter De Rudder, COO at Doccle, ISO 27001 certified SaaS company\" width=\"283\" height=\"500\" srcset=\"\/wp-content\/uploads\/sites\/5\/2019\/04\/Peter-De-Rudder-2-169x300.jpg 169w, \/wp-content\/uploads\/sites\/5\/2019\/04\/Peter-De-Rudder-2-578x1024.jpg 578w\" sizes=\"(max-width: 283px) 100vw, 283px\" \/><\/p>\n<h4>What issues or problems did you face while undertaking the implementation processes?<\/h4>\n<p>The biggest problem is to get the project running. In most medium or small companies, there is no dedicated personnel to do the implementation. So, you need to find enough time to get it started. It\u2019s important to get management commitment.<\/p>\n<h4>Describe the experience of using Advisera\u2019s ISO 27001 &amp; 22301 Premium Documentation Toolkit, ISO 27001 foundations exam, and ISO 9001 foundations exam.<\/h4>\n<p>The good thing about the <a href=\"https:\/\/staging.advisera.com\/27001academy\/iso-27001-22301-premium-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener noreferrer\">toolkit<\/a> is that the documents all have the same structure. By doing this, your ISO management system looks much more professional than if you had used Google for ISO templates. The toolkit also comes with a list of mandatory documents, which is very handy. With the Advisera toolkit, you get a quick start on the implementation. 
There are also a lot of webinars and other documentation available.<\/p>\n<p>Regarding the exams, I took the <a href=\"https:\/\/staging.advisera.com\/training\/iso-9001-foundations-course\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 9001<\/a> and <a href=\"https:\/\/staging.advisera.com\/training\/iso-27001-foundations-course\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a> exams. As I did not have a lot of time, I used the transcripts instead of the spoken tutorials. I would recommend taking the exam after the implementation in your company, because then you are far more experienced.<\/p>\n<p>What I liked the most was the helpful documentation and clear structure, aligned with the ISO standards. There are also relations between the different products like <a href=\"https:\/\/staging.advisera.com\/27001academy\/blog\/2016\/10\/17\/does-iso-27001-implementation-satisfy-eu-gdpr-requirements\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR vs. ISO 27001<\/a>. They are easy to adapt to your own situation.<\/p>\n<h4>Why do you like working with Advisera?<\/h4>\n<p>We were able to implement ISO in our company within six months. Without the Advisera toolkit, this would never have worked. It is structured well and provides a head start for your implementation. The Advisera team is also willing to help if you have questions. I used their support during the implementation. The product is especially useful for smaller or medium-sized companies.<\/p>\n<p><em>Advisera will gladly publish your story &#8211; if you are an Advisera client, feel free to<\/em> <a href=\"https:\/\/staging.advisera.com\/contact\/\" target=\"_blank\" rel=\"noopener noreferrer\">contact us here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is it possible for a SaaS company to implement ISO standards, and how and why should SaaS companies get certified? 
On your way to success, this is an important step, and this is just what Doccle did, when it broke out as a unique digital player in Belgium and beyond. It decided to implement ISO &#8230;<\/p>\n","protected":false},"author":91,"featured_media":18810,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[1745,133,158,176,379,381,559,598,1454,1497,1738,1740,1741,1742,1743,1744],"class_list":["post-18809","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-advisera","tag-iso-9001","tag-documentation","tag-compliance","tag-information-security","tag-iso-27001","tag-cybersecurity","tag-toolkit","tag-saas","tag-implementation","tag-security-awareness-training","tag-quality-management","tag-example","tag-doccle","tag-peter-de-rudder","tag-interview"],"acf":[],"_links":{"self":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/18809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/91"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=18809"}],"version-history":[{"count":0,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/18809\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/media\/18810"}],"wp:attachment":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=18809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/categories?post=1880
9"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/tags?post=18809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}