Data security and ISMS

June 26

Protecting data from unauthorized access is the key goal for every company working in the tech industry. An effective privacy and security framework is essential when working with a collection of personal data, and it is the highest priority for xbird. Trust is the foundation of any cooperation, especially in the digital health industry. Every stakeholder needs to be sure that all the data is secure. It has a direct and immediate impact on the reputation and trust index of the contractor.

That is why all tech companies invest heavily in data security and implement various instruments. However, it is not only protective instruments that ensure your security; a huge part of it is the awareness and consciousness of all team members. Trained and competent staff will enable your security objectives to be met if they treat all the security policies with respect. For us, implementing an Information Security Management System (ISMS) based on ISO 27001 was the best approach.

It took us about 6 months to implement the main aspects of ISO 27001, and after one year our main goal is to make our ISMS a living system and create a high level of awareness at the employee level.

  • Intense onboarding training. All xbird employees are trained from the beginning to be active in the detection of weak spots in the system. ISMS is a huge block in our onboarding process, and we pay a lot of attention to this topic from the very first day. It may seem painful for newly joined team members, but it is something that needs to be done from the beginning in order to turn it into a habit. The more aware each team member is, the more robust the ISMS is.
  • Monthly checks and quarterly trainings. We have regular monthly checks of the work environment and devices for weak spots, together with employee feedback. Our team makes a huge contribution to a living ISMS and raises a hand in case of any uncertainty. We also organize quarterly trainings on specific topics, such as social engineering or teleworking.

Security in development should be mentioned as a separate issue and as one pillar of work in the product and engineering team. We are dealing with patients' data, and it is our highest priority not only to protect it but to understand all possible risks beforehand and embrace security controls as part of our everyday working practices.

The high-level goal of the systematic ISMS approach is to make all existing information subject to:

  • Confidentiality. Only authorized people, entities and processes have access to the information.
  • Integrity. All the information is kept complete, accurate and protected from corruption.
  • Availability. Authorized users have access to the information.

These three key aspects of information security are well known to every entity that has implemented ISMS principles. We see compliance with these high standards of data security as our duty and highest priority.

This project is co-financed via the European Regional Development Fund (ERDF)