Wolt is a Helsinki-based technology company that provides an online platform for consumers, merchants, and couriers. It connects people looking to order food and other goods with people interested in selling and delivering them. To enable this, Wolt develops a wide range of technologies from local logistics to retail software and financial solutions – and operates its own grocery stores under the Wolt Market brand.
Making negotiations faster and easier by increasing trust and credibility
Information security and data privacy are at the heart of Wolt. The company believes that protecting customers’ and business partners’ privacy is not only the right thing to do but a part of Wolt’s values.
Especially when negotiating with new partners and customers, privacy and security-related issues are massively important. During those negotiations, they’ve often heard one question: “Is Wolt ISO 27001 certified?”
The key drivers for the certification were improving trust in Wolt as a partner. “ISO 27001 certificate smoothens the negotiations with new business partners. We don’t have to ask our business partners to trust our word in implementing good security practices, but actually have a certification of compliance to show for it”, says Samu Ahvenjärvi, Security Lead in Governance, Risk & Compliance at Wolt. “ISO 27001 certification shows that Wolt has a proactive approach towards information security and has adopted best practices to minimize threats”, Ahvenjärvi continues.
Fixed certification audit with ease and experience
Wolt started the certification process internally in 2021. Nixu Certification became involved in the second quarter of 2022 and was chosen because of its good reputation and ability to provide meaningful audit results, which can help Wolt to improve its overall security posture and processes.
An ISO 27001 certification audit always happens in two stages. First, the auditor will complete a stage 1 audit, where they review the Information Security Management System’s (ISMS) documentation to ensure the right policies and procedures are in place. Next, a stage 2 audit will verify business processes, activities, and security controls. Once stage 1 and stage 2 audits are successfully completed, an ISO 27001 certification, valid for three years, will be issued.
“The audit process itself is rather fixed with a strict procedure that must be followed, but we value Nixu’s flexibility and ease of cooperation, as well as expertise and experience,” says Ahvenjärvi.
“For Nixu Certification, working with rapidly growing start-up-minded companies is always a positive challenge. It was great to see that Wolt’s security team was really focused and truly committed to maintaining and improving its information security management. Ensuring that appropriate security management procedures are in place at all times is of utmost importance when a company is expanding rapidly,” says Ville Koskinen, Lead Auditor at Nixu Certification.
Achieving certification is a milestone but not the end
After a rigorous and diligent audit process, Nixu Certification approved the audit and issued an ISO 27001 certificate to Wolt in autumn 2022. The certified information security management system covers Wolt’s Product + organization, including, e.g., product development, platform development, engineering, and associated support teams such as security, IT, people, risk management, and legal, in six Wolt offices worldwide.
Wolt recognizes that the work with data privacy and security never ends. The company is committed to developing its existing information security practices and processes and growing its maturity as the environments keep changing. “It’s not just about the certificate, even though it is a great internal tool and asset, but the process itself was valuable as it pushed us to improve our overall security posture and process maturity”, Ahvenjärvi concludes.
“We appreciate working with companies like Wolt that really put effort into improving their information security posture. We are happy to offer our high cybersecurity expertise to elevate the security level of world-class companies,” says Niki Klaus, Managing Director of Nixu Certification.
The continued validity of the certificate requires regular follow-up audits. This means Wolt will continue working with Nixu Certification on a regular basis.