NEP expands important ISO 27001 Data Security certification for its clients
Hilversum, 21 July 2019Not a week passes and another big information or data breach makes the headlines. This is why the protection of data is of the highest priority at media technology business NEP. The company’s previously obtained ISO 27001 certification has not only been extended for 3 years, it has also been expanded to include the areas of Centralized Production and Virtualized Editing.
Sander de Vries, who in his function as Chief Information Security Officer is responsible for the security policy at NEP The Netherlands, underscores the importance of this certification milestone: “You must be able to show the outside world that you know what you’re doing in the field of security. Our clients want to have maximum certainty that their data is protected, and this international standard provides us with a standardized framework that is used and accepted as best practice all over the world.”
“The ISO certification applies to Digital Media Services (DMS), Playout, OTT and VOD deliveries, Managed Hosting, and we were able to add two new components: Centralized Production and Virtualized Editing. In short, everything we manage in our data center is now officially certified. I consider this step not only a precondition but also a ‘hygiene factor’ in order to continue to grow as an organization.”
At the top of the class
Sander de Vries is familiar with the mantra in the world of security: either you’ve been hacked or you’re not aware of it yet… “Everything that is made by people can, in principle, be hacked by people. In other words, something can always go wrong, but the crux of the matter is how to deal with that knowledge and how the security processes are organized. At NEP we have a very strong 24/7 incident response department that mainly works to prevent security breaches from happening in the first place. We want to be at the top of the class.”
“And where we previously had to educate our clients about the risks and everything we did to safeguard their service or product, they now seem very aware of data security and take these things into consideration more often, asking us critical questions. That awareness has really become a trend and the ISO 27001 certificate certainly helps us assure our clients that we are following the top standards. It has even become a knock-out criterion in tender procedures.”
There is also awareness internally at NEP, De Vries notes with satisfaction. “Recently, we had a guest speaker on the subject of cybersecurity and the two sessions were visited by nearly 400 people, which accounts for half the company. This says everything about how much we want things to be in good order, that we want to know where we stand. The management system for information security gives us that insight where security is concerned and also what we must do in the future to improve on it even more. With everything that is newly developed and needs to be certified I have my day’s work cut out for me…”