2NS was selected as a partner of the software company Receptum to carry out the company’s internal ISO27001 audits for the maintenance and development of the information security management system.
The purpose of internal audits is to ensure that the company’s operations meet the requirements set by the acquired certificate, in this case ISO27001, so that the actual audit extending the validity of the certification goes through without problems and the annual third-party follow-up audits go well.
The audited ISO standard is valid for three years. After this, a new actual audit is carried out, where a third party checks the operation. During the three years that the audit of the standard is valid, internal audits are required to maintain competence.
During the period of validity, follow-up audits are also carried out to ensure standard operation.
The cooperation between Receptum and 2NS had already started earlier and continued with an internal audit in spring 2023. 2NS experts went through the documentation related to the information security management system, certain practices and physical security.
“For us, the cycle of internal audits comes from the fact that the actual audit by an external party always takes place in the fall, so our annual calendar determines that the internal audits will be done in the spring. In addition, we already had the ISO9001 reference framework as a base, and now with ISO27001:2013 we combined the two into one management system, so the spring (internal) & autumn (follow-up) cycle of audits was also a natural way to implement this,” explains Receptum’s CISO Tuomas Miskala.
A pharmacy operator wants to invest in information security
Receptum is a software supplier serving the pharmacy industry in particular and a promoter of digitization, so the internal audits focused especially on the parts of the information security management system that are essential for information security in software development. The company has customers in the pharmacy sector from all over the Nordic countries.
Receptum’s best-known product is the MAXX pharmacy system, which is a complete pharmacy IT solution. In addition, the company provides customized consulting and software development services in the pharmacy sector and oral health care.
The company’s customers are in the pharmacy industry, where information security is, from many points of view, an important part of ensuring business continuity. Maintaining customer trust is important, which is why the industry is under even more pressure than average to maintain high-quality information security.
“ISO 27001 readiness is absolutely important to us. The information security management system must always support the company’s business and live and develop for it and not the other way around, of course in accordance with the framework. Let’s do well today and better than yesterday so that tomorrow is a new day too. The journey is always long, and the development and maintenance of the management system should always be seen as a marathon rather than a sprint,” says Miskala.
Internal audits offer the opportunity to discuss with an external professional the operation of the information security management system and its possible optimization. A good management system does not create friction in everyday life and business, but supports their operation.
2NS has long experience in implementing the ISO27001 standard and developing the required capabilities for business customers. We carry out implementations from preliminary surveys to preparation for the actual audit. Between audits, we support the maintenance of competence and the development of the information security management system with internal audits and, if necessary, training.
And how does Receptum’s CISO Tuomas Miskala summarize the cooperation with 2NS?
“Substance know-how is deep (at 2NS), so it pushes us to do better as well. Again, we received a lot of good development ideas on how we can develop and maintain the readiness of the information security management system to face the information security challenges of tomorrow.”