Meer klanten, minder financieel risico

Hoe slimmere onboarding je meer goeie klanten oplevert

All Posts
Tags:
Share via:

June 2018

ISO 27001-certified organizations are scrutinized by an independent auditor every year to confirm their continued discipline and commitment towards information security. Last week, AcceptEasy passed review by a Lloyd’s Register auditor with flying colors. This is a big deal – not just for us, but also for all the organizations that rely on us (or are still looking for a vendor they can trust). Why?

Customers + Messages + Payments = Risk

We’re a vendor of software & services to generate and send millions of payment requests to consumers and small businesses. As such, we receive a lot of data from our clients. This is serious business in terms of privacy and information security, especially as we facilitate money changing hands. Even more so because we serve many large brands who do not want their reputation damaged by a supplier who messes up. Fortunately, we’ve had security top of mind since we came into business some ten years ago. This has served our clients (and their customers) well – more on that below.  

Security = Technology + Process + People

Even so, about two years ago we decided to embark on a journey to become certified against the leading global standard for information security, ISO/IEC 27001. A main reason for that decision was that information security is not just about IT – it’s also about people’s behavior, processes and organizational controls. Tools don’t take contracts off a printer or business cards off a desk – people do. As we grow in staff, customer base and international footprint, making sure that everyone does things right every time becomes increasingly important. And if (if) there is even a minor potential incident, we take the right steps to resolve and report the situation and prevent it in the future. ISO forces you to think and act. It keeps you on your toes as business and technology evolves rapidly. Not just as a standard, but as a set of mandatory periodical ceremonies. 

I’m doing this for you, you’ll thank me later

So we succeeded in getting our ISO27001 certification in 2017 (on our first try), and showed last week that this was not just a flurry of activity to get a piece of paper. From IT to Marketing to HR to Operations, our people take this stuff seriously all day every day – sometimes even saying no to our own clients to protect them from themselves:

  • Some clients have tried to hand us batch files containing customer data through insecure means, which we then politely refuse even if it risks delaying a large run that brings us revenue.
  • Same for private keys needed to connect our systems to theirs to go live.
  • Our people don’t log on to unprotected wi-fi unless through VPN, even if that prevents us from doing an online sales demo.
  • We only use approved software even if another tool could help us, and in general protect the data we receive and generate.
  • As ISO rolls into GDPR, we collaborate on the required Data Processor Agreement between the client and AcceptEasy and often take the initiative in providing our default agreement. 

Demand the real thing, not just good intentions

As a corporate or government organization, you should demand all this from a service provider (especially where cloud-based software and customer data are involved). And not just as a set of RFP questions whose boxes are more easily checked than the reality on the ground. But by means of proven and continued independent ISO-certification. Smaller vendors are great, but they need your business and can easily resort to smoke and mirrors to appear earnest and secure. As we now know, passing an ISO audit requires and proves the real awareness, the real policies, the real tools and the real rigor that keep the information you entrust us with secure. This blog by a peer vendor explains it differently.

We hope you appreciate the importance of ISO-certification as you evaluate vendors like us going forward. Your customers sure do, even if they’re blissfully ignorant of what it takes to protect them.

p.s. Just so you know, keeping your data secure does also cost some money.

Jeroen Dekker
ABOUT THE AUTHOR | Jeroen Dekker
Jeroen Dekker has been working for AcceptEasy since 2016 after 15 years of experience at international B2B software companies as product (marketing) manager. He was product owner and spokesperson for the Financial Crime Risk Management Solutions of Fiserv. Jeroen holds degrees from the Haarlem Business School and Northern Arizona University.

Landing Pages: The Do’s and Dont’s

Improve your forms, page structure and overall leads. Fusce dapibus

Get Your Copy
Recent Posts

Meer klanten, minder financieel risico

Hoe slimmere onboarding je meer goeie klanten oplevert Veel aanbieders in de subscription economy gebruiken kredietscores tijdens hun onboarding proce...

Read more

Overzicht boekhoudpakket koppelingen

Klinkt goed, maar hebben jullie een koppeling met ons boekhoudpakket? Als je software-oplossingen verkoopt is “integratie” altijd een lastige horde. W...

Read more

11 betaalproblemen die je concullega's dit jaar hebben opgelost

Plannen maken voor de komende periode betekent ook keuzes maken. Welke projecten en verbeteringen krijgen voorrang op de lange lijst? Dat bepaal je de...

Read more

DIA Munich 2018 recap – app and platform fatigue sets in

Showcasing innovation to insurance companies is easier said than done. But living through the experience resulted in valuable feedback on what decisio...

Read more