WESTPOLE AND STREFF: THE JOURNEY TOWARDS ISO27001
THE CHALLENGE
With customers and tenders increasingly demanding standards for the security of sensitive data, ISO 27001 certification has become a must for Streff. This is particularly true for its document archiving, destruction and digitalization activities. “Today, many customers require us to be ISO 27001 certified,” says Maximilian Chorus, Managing Director of Streff. “It is also a prerequisite for responding to most tenders and due diligence questionnaires,” he adds. Streff’s customers include banks, financial institutions and hospitals. For them, data protection is a major issue, whether it be electronic archiving or destruction.
Streff’s objective was therefore clear: to comply with ISO 27001 standards while adapting its operations to the evolving IT environment and business activities. Streff therefore decided to implement robust processes and strengthen its security policy. “Certification would allow us to tick a number of boxes without having to justify ourselves too much to customers. What’s more, ISO 27001 certification also makes it easier to obtain PSDC status, a certification that recognizes us as a Provider of Digitization and Conservation Services,” explains Maximilian Chorus.
THE SOLUTION: AN EASIER ROUTE TO
ISO27001 CERTIFICATION
Although the certification project had been underway since 2023, it wasn’t until June 2024 that Streff, with the support of WESTPOLE, was able to concentrate fully on the project. From then on, the road to certification took just six months. To achieve this, the IT partner developed a structured four-step approach:
- Initial analysis and framework: risk assessment and target definition.
- Documentation and procedures: formalizing information security policies and strengthening IT management processes, including data access.
- Training and awareness: training teams in good security practices.
- Ongoing support: support through to the certification audit.
The result? The audit was successfully completed in November 2024 and Streff received ISO 27001 certification one month later. “Without WESTPOLE and their expertise, we would never have been able to structure our project so effectively. Antonio was instrumental in guiding us step by step, simplifying the steps and answering the auditor’s technical questions,” says Maximilian Chorus.
FEWER RISKS, MORE OPPORTUNITIES
With ISO 27001 certification, the company can assure prospects and customers that its processes meet international information security standards. What’s more, Streff can count on improved IT risk management thanks to greater team awareness, which in turn improves overall operations. But the main benefit of the certification is competitive.
“Today, this certification opens up new business opportunities for us, as it makes us eligible for a greater number of tenders. We can also respond much more quickly,” says Streff’s managing director. “With the ISO 27001 certification, we’ll be able to take on more digitalization projects, an activity we intend to increase in the future,” he adds.
LEVERAGE FOR GROWTH
Streff plans to use the certification as a lever for growth to attract new customers, particularly in the banking and public sectors. “With the ISO 27001 certification in my pocket, I think it will now be easier to approach large international companies to establish business relationships,” confides Maximilian Chorus. Streff is also looking to strengthen its partnership with WESTPOLE to keep its certification up to date over the next three years, in preparation for the renewal audit.
“This success illustrates WESTPOLE’s ability to support companies in strategic ISO compliance projects. With our technical expertise and in-depth knowledge of ISO requirements, WESTPOLE is the partner of choice for any company that wants to guarantee the security of its information while strengthening its competitiveness,” concludes Antonio Baptista Da Silva, Compliance Officer at WESTPOLE.
KEY WORDS
FROM THE CLIENT
Maximilian Chorus – General Manager
“Previously, our IT structure was completely internalized. We initially wanted to comply with ISO 27001 on our own, but the task proved to be astronomical and too complex for us. WESTPOLE then became our IT supplier, bringing together all the resources to support us through the certification process.”
Why WESTPOLE?
Faced with this certification target, external help was more than necessary. Streff chose WESTPOLE for this strategic transformation, thanks to its long-standing relation with Antonio Baptista Da Silva, WESTPOLE’s Compliance Officer. A great advantage of this cooperation: WESTPOLE is also ISO 27001 certified. With proven expertise in helping companies comply with ISO standards, WESTPOLE was ideally placed to support Streff in its certification process. The involvement of Antonio Baptista Da Silva was a key factor in the company’s success. His experience helped to structure the project and guide Streff through a complex process, while simplifying the steps involved in achieving ISO 27001 certification.
Contact our dedicated experts
Our IT Experts are eager to assist you in any way possible. They’re just one click away.
Do you have other questions? Don’t be shy, fire away!