
June 2018

ISO 27001-certified organizations are scrutinized by an independent auditor every year to confirm their continued discipline and commitment towards information security. Last week, AcceptEasy passed review by a Lloyd’s Register auditor with flying colors. This is a big deal – not just for us, but also for all the organizations that rely on us (or are still looking for a vendor they can trust). Why?

Customers + Messages + Payments = Risk

We’re a vendor of software & services to generate and send millions of payment requests to consumers and small businesses. As such, we receive a lot of data from our clients. This is serious business in terms of privacy and information security, especially as we facilitate money changing hands. Even more so because we serve many large brands who do not want their reputation damaged by a supplier who messes up. Fortunately, we’ve had security top of mind since we came into business some ten years ago. This has served our clients (and their customers) well – more on that below.  

Security = Technology + Process + People

Even so, about two years ago we decided to embark on a journey to become certified against the leading global standard for information security, ISO/IEC 27001. A main reason for that decision was that information security is not just about IT – it’s also about people’s behavior, processes and organizational controls. Tools don’t take contracts off a printer or business cards off a desk – people do. As we grow in staff, customer base and international footprint, making sure that everyone does things right every time becomes increasingly important. And if (if) there is even a minor potential incident, we take the right steps to resolve and report the situation and prevent it in the future. ISO forces you to think and act. It keeps you on your toes as business and technology evolve rapidly. Not just as a standard, but as a set of mandatory periodical ceremonies.

I’m doing this for you, you’ll thank me later

So we succeeded in getting our ISO 27001 certification in 2017 (on our first try), and showed last week that this was not just a flurry of activity to get a piece of paper. From IT to Marketing to HR to Operations, our people take this stuff seriously all day every day – sometimes even saying no to our own clients to protect them from themselves:

  • Some clients have tried to hand us batch files containing customer data through insecure means, which we then politely refuse even if it risks delaying a large run that brings us revenue.
  • Same for private keys needed to connect our systems to theirs to go live.
  • Our people don’t log on to unprotected wi-fi unless through VPN, even if that prevents us from doing an online sales demo.
  • We only use approved software even if another tool could help us, and in general protect the data we receive and generate.
  • As ISO rolls into GDPR, we collaborate on the required Data Processor Agreement between the client and AcceptEasy and often take the initiative in providing our default agreement. 

Demand the real thing, not just good intentions

As a corporate or government organization, you should demand all this from a service provider (especially where cloud-based software and customer data are involved). And not just as a set of RFP questions whose boxes are more easily checked than the reality on the ground. But by means of proven and continued independent ISO-certification. Smaller vendors are great, but they need your business and can easily resort to smoke and mirrors to appear earnest and secure. As we now know, passing an ISO audit requires and proves the real awareness, the real policies, the real tools and the real rigor that keep the information you entrust us with secure. This blog by a peer vendor explains it differently.

We hope you appreciate the importance of ISO-certification as you evaluate vendors like us going forward. Your customers sure do, even if they’re blissfully ignorant of what it takes to protect them.

p.s. Just so you know, keeping your data secure does also cost some money.

About the author: Jeroen Dekker
Jeroen Dekker joined Serrala Solutions in 2016 after 15 years at international B2B software companies as bridge between market(ing) and product. He was product manager and spokesperson for the Financial Crime Risk Management Solutions of Fiserv. Jeroen holds degrees from the Haarlem Business School and Northern Arizona University.
