ISO certifications at ITpoint: Effect instead of paper tiger
ITpoint is certified to ISO 27001 and ISO 20000 standards and audited to ISAE 3402. Not because we are enthusiastic about certificates and audits, but because the standards help us to have the self-discipline and culture to continuously improve. This is precisely what our customers expect from us. After all, they entrust us with nothing less than their IT. A report on the current situation.
Their annual appearance is unavoidable: since 2014, independent external auditors have been regular guests at ITpoint, examining the development of our process maturity and documenting the findings, thus ensuring that the certifications are maintained or renewed. Aligning an organization with the rules of international standardization organizations such as ISO/IEC is not done on a whim; it involves a lot of work and potential friction, accepted in order to grow in the long term. ITpoint is no exception. To avoid putting too much strain on our organization and our customers, we chose a three-step approach. Read below to find out how it went, where we stand, and what it brings to you as an ITpoint customer.
Step 1: ISO/IEC 20000 | IT Service Management | since 2014
Armin Büeler, Chief Process Officer at ITpoint, remembers the ISO 20000 certification audit well:
After months of preliminary work and numerous balancing acts between improving processes and employee mindset, our nerves were stretched to breaking point.
It worked out well. The first step into the era of international IT standards had been taken. ISO 20000 is no small matter. It is the only internationally recognized standard for IT service management. It defines an entire set of management processes designed to deliver more effective IT services to customers according to “best practices.” After several surveillance audits and re-certifications, the IT service management system at ITpoint has now reached a very high level of maturity. Learn how the 2017 re-certification went in this blog post.
Step 2: ISO/IEC 27001 | Information Security | since 2020
For Patrick Hertig, Chief Information Security Officer at ITpoint, ISO 27001 was a logical next step:
Information security is an ongoing topic but has recently become even more explosive due to the many incidents that have come to light at companies. A company that purchases IT services from us expects us to equip our organization in the best possible way.
Indeed, ISO 27001 makes us equip our Information Security Management System (ISMS) with rules, procedures and methods to manage, control, ensure and optimize information security. ITpoint has also been ISO 27001 certified since June 2020. This further strengthens the processes in the service management system in terms of data security. With this certification, we provide documented proof that we comply with IT security requirements and implement measures to protect data. ISO 27001 must be audited annually by external auditors (recertification every three years).
Step 3: ISAE 3402 Type 2 | internal control system | since 2022
With ISAE 3402, we basically have external verification that we control ourselves internally. Not so much for us as for our customers. The ISAE 3402 Report of the “International Standard on Assurance Engagements” proves the effectiveness of our control system in connection with ISO 27001 and ISO 20000. Our control system is audited and confirmed by an independent auditor on an annual basis. Our customers can use this report for their internal/external audits without having to commission such an audit themselves.
Continuous improvement as the main benefit
We are not ISO-obsessed, but we have recognized the value of international standards. Ultimately, the activities benefit our customers and us by:
- Increasing service quality through continuous monitoring and standardization of IT service processes
- Reducing the risk of service and system failures
- Preventive safeguarding of the protection goals confidentiality, availability and integrity of information
- Transparency in the description of IT services to customers
- Raising employee awareness and significantly increasing service and security awareness at all levels of the company
- Simplification for our customers to easily pass specific industry audits
- Continuous improvement of IT processes and information security
Even though the effort to maintain ISO standards is not insignificant, it increases productivity, quality and security for you as a customer. Our maxim is “Continuous Improvement”. Facing international standards initially means feeling the virtual kick in the butt. We are very pleased to find that a culture of continuous improvement has since been established at ITpoint. When you see the sense in something, you are doubly motivated.
We very much look forward to continuing to work with you!