ISO 27001 – Vertec's high commitment to IT security

30.10.2024
|

The security of (customer) data is of central importance to IT companies in particular. At Vertec, we consider IT security top priority and use an information security management system according to ISO 27001 standards, hereinafter also referred to as ISMS. But what benefits does certification according to the ISO 27001 system bring to our customers and ourselves? This article describes how Vertec handles the establishment, implementation, maintenance and continuous improvement of an ISMS.

Vertec is certified according to recognized standards.

What is ISO 27001?

One of the goals of the ISO 27001 standard is that organizations prevent information security risks by taking appropriate security measure. A key point of the standard is the identification of all internal company values (the so-called assets). At Vertec, these include things as diverse as our Cloud Suite infrastructure, our own HR or the source code of our software.
The importance of the assets is assessed on the basis of three central criteria. These are:

  • Availability: How important is it that the asset is always available?
  • Confidentiality: How important is it that no unauthorized person can access the asset?
  • Integrity: How important is it that the asset cannot be altered?

In a second step, the risks are evaluated and defined for all assets. We do this on a scenario-based basis: Typical risks include unreadable backups or the infection of a computer with an encryption trojan virus.

What specific measures are included in the standard?

In order to counteract the greatest risks effectively, we adopt appropriate measures. We want to prevent unreadable backups by regularly restoring data from backups for testing purposes. We protect ourselves against encryption Trojans by, among other things, using antivirus software and regularly updating the software of our clients and servers.

These risks are very real: we know of cases where customers have not been able to use their backups, because they were either not made at all or were not readable. Also, some companies around us have caught Trojans with the result that all data stored on server drives were encrypted and had to be recovered from backups.

Residual risks remain even after measures have been implemented. From time to time, small risks have to be consciously accepted, because such measures would be far too expensive or time-consuming. Once a year, existing risks are reassessed, and asset managers must explicitly state whether they want to bear their risks in this way or whether further measures should be planned.

Of course, assets and risks are constantly changing. The standard also requires constant development, review and improving of your system. Finally, it is important that all employees report information security incidents. There are also binding guidelines for all employees that regulate, among other things, the handling of customer data and access to customer systems.

Once a year, an external auditor checks whether Vertec fully complies with the ISO 27001 standards and meets all requirements for maintaining the certificate.

How does Vertec as a company benefit from this?

An ISO 27001 certification not only offers added value to our customers, but also bears many advantages for Vertec as a company:

  • Improved security: It shows that we have identified our risks and have implemented appropriate security measures. The certification also guarantees that risks and measures are regularly reviewed and adjusted.
  • Higher trust: Customers notice our long-standing commitment to ISO 27001 as a quality mark and proof of safety, which creates trust and is often a prerequisite for business partnerships.
  • Legal Compliance: Helps comply with legal and regulatory requirements to protect customer data.

The added value for you as a Vertec customer

Thanks to the internationally valid ISO 27001 certificate, we can guarantee our customers a careful handling of their data. It is no coincidence that the corresponding asset “customer data” is one of the most important ones for us.

Please read more about it in our Regulation on commissioned data processing , how we comply with the data protection obligations according to GDPR for EU customers and the DSG and VDSG for Swiss Customers and process personal data in the context of the contractual relationships. On the pageData protection at Vertec we explicitly describe our position on this matter.

Another significant asset for us is the security of the Vertec software itself. We regularly perform extensive penetration tests ("pentests" for short) and have implemented a variety of measures to guarantee our customers a high level of security – also with special regard to the Vertec Cloud Suite. As a consequence, we solely collaborate with service providers that also comply to ISO 27001 standards when it comes to operation of the Vertec Cloud Suite. Please refer to the page Subcontractors to find the companies listed.

Our ISMS has been and continues to be very valuable in setting up and expanding the cloud subscription infrastructure. Since our customers’ data is stored externally and the servers belong to an external service provider, there is a number of potential risks involved that need to be clarified and additional measurement must be implemented. The ISMS helps us address these questions in a structured and consistent manner. We describe what Vertec is doing specifically for the security of the Cloud Suite in our blog article “Security in the Vertec Cloud Suite – a look behind the scenes “.

Key to success: employee awareness

Even the most sophisticated technical security solutions are of little use, if security issues are not anchored in the consciousness of all staff, and if they consider ISMS checks an annoying duty.  

A strong security culture is crucial to optimally protected customer data. At Vertec, we not only rely on technical measures, but also regularly train our employees in many aspects of information security. These trainings familiarize employees with the relevant threats and security standards, and embed awareness of data security in everyday's work.

We discuss the latest developments and security risks on a monthly basis, thereby increase attention and vigilance of our employees in handling sensitive data. In this way, we reduce potential security risks and ensure that your data is well protected at all times.

Through this ongoing training, you as a customer benefit from a team that is highly aware and well-prepared, enabling our employees to respond quickly to emerging threats and actively shape information security at Vertec.

None
08.11.2024

This was the Vertec User Conference 2024

Highlights of the Vertec User Conference 2024: exciting bring forward, new features of version 6.8 and valuable networking. Let’s review the afternoon with us.
None
25.10.2024

How modern file management is transforming your law firm: 5 benefits that pay off

5 tangible benefits for deadline monitoring, convenient use, adaptability, overview and security.
None
23.08.2024

How We See Lawyers: The Path to Optimal Law Firm Organization

Find out how Vertec helps lawyers to make law firm processes such as mandate management, service recording, invoicing and deadline monitoring even more efficient and successful.
None
02.07.2024

Should you do it just because you can?

Vertec’s immense adaptability offers countless opportunities to optimize your own business processes. But not every adjustment makes sense. Where are the limits of adaptability?
None
15.05.2024

Deadline monitoring for lawyers – easily implemented with Vertec

The new 'deadline monitoring’ feature provides lawyers and law firms with an efficient solution for organising, monitoring and meeting deadlines.
None
07.05.2024

Efficient expense recording thanks to receipt recognition with AI

Vertec now automatically recognizes your expense slips! Find out how AI makes their daily work easier.
None
20.03.2024

Firm software in the cloud – securely into the future

The way law firms map, manage and optimize their processes is changing significantly
None
08.12.2023

The additional feature “Attendance presence times Rule Check” complements the Vertec performance recording

The additional feature “Rule Checking presence times” provides employers with even better protection against working time violations.
Bitte wählen Sie Ihren Standort