Howspace, a Helsinki-based technology company, is known for its transformative platform designed for limitless involvement. By bringing facilitation methods to a digital environment, their platform enables organizational development initiatives, learning and training programs, and community building. Built on over 20 years of expertise, Howspace drives engagement and change in over 30 countries with over 200 partner organizations.
Showcasing a strong commitment to cybersecurity
The certification audit had clear goals. Firstly, it aimed to assure existing customers that Howspace’s Information Security Management System (ISMS), which protects the organizations’ operations and platform, meets global security standards. Secondly, it aimed to show potential customers their strong commitment to the highest security standards, making it easier for them to choose the service. Moreover, it aimed to strengthen the internal culture that values cybersecurity, making it a key consideration in all decision-making.
“The ISO 27001 certificate simplifies the formidable task of addressing numerous cybersecurity inquiries and satisfying the auditors of each new customer,” says Ivan Larkins, Howspace’s Information Security Lead.
“There were three aspects in Howspace’s ways of working that contributed to the smoothness and record-setting speed of the certification audit: open-minded attitude, exceptional preparation, and a methodical and transparent approach to ISMS design.” Matti Leinonen, Lead Auditor, Nixu Certification
Open-minded attitude and excellence in preparation make a difference
Howspace’s journey towards ISO 27001 certification commenced six months prior to Nixus's involvement. The thorough preparation was crucial in setting the foundation for an intensive certification process.
The ISO 27001 certification audit unfolds in two stages. Initially, the auditor conducts a stage 1 audit, reviewing the ISMS documentation and high-level processes to ensure the presence and correct implementation of requisite ISMS components. Subsequently, a stage 2 audit scrutinizes lower-level processes, activities, and security controls. Upon successful completion of both stages, the ISO 27001 certification is issued.
Howspace opted for Nixu after discussions with various firms due to their evident technical expertise and high level of ambition demonstrated already within the initial interaction. ”The professionalism, trustworthiness, and value for money exhibited by Nixu Certification exceeded our expectations,” says Larkins.
“There were three aspects in Howspace’s ways of working that contributed to the smoothness and record-setting speed of the certification audit: open-minded attitude, exceptional preparation, and a methodical and transparent approach to ISMS design,” states Matti Leinonen, Nixu’s Lead Auditor.
”The professionalism, trustworthiness, and value for money exhibited by Nixu Certification exceeded our expectations.” Ivan Larkins, Information Security Lead, Howspace
Setting the cybersecurity bar high for the future
Howspace’s distinctive approach to ISO 27001 lies not only in meticulous preparation and robust documentation but also in leveraging its own Howspace SaaS platform as an integral component of the ISMS.
”The audit highlighted Howspace's robust platform in simplifying the operation of its ISMS and the organization’s exceptional receptiveness to constructive criticism,” says Leinonen and continues: ”This open-minded approach turned potential arguments into productive discussions, fostering security enhancements for the benefit of various stakeholders and, ultimately, the company's reputation. Howspace swiftly embraced the standard’s core principle of continual improvement, making the audit a rewarding experience.”
”We strive to work with organizations that value cybersecurity expertise and are ready to be challenged in this area”, says Niki Klaus, Managing Director of Nixu Certification. “We are happy that Howspace chose to work specifically with Nixu Certification to improve their business resilience even further”, Klaus concludes.
”Nixu Certification’s dedication, competence, and ability to challenge us in caring and constructive ways was genuinely incredible,” concludes Larkins. Sustaining the certificate's ongoing validity necessitates routine follow-up audits. Consequently, Howspace will maintain an ongoing collaboration with Nixu Certification. Beyond adhering to ISO 27001, Howspace views Nixu Certification as a potential cybersecurity auditing partner on many fronts in the future.