Table of contents
We are proud to announce that the outsourcing company Morebis Inc. (morebis.net), which is part of the Devtorium group of companies, received the ISO/IEC 27001:2013 certificate in the ISMS field. We celebrate this as one of the crucial steps in our growth as an outsourced software product development company and an achievement for the entire Devtorium group.
The ISO/IEC 27001:2013 certification indicates that the accredited company maintains the high international information security standard, which is set by the International Organization for Standardization and the International Electrotechnical Commission. To prove the right to hold this certification, Morebis Inc. underwent a thorough audit during which the company confirmed:
- Its ability to implement and maintain an Information Security Management System (ISMS) compliant with the ISO/IEC 27001:2013 standard.
- Its readiness to monitor for and protect from threats.
- Its understanding of the risks and preparedness to comply with all the necessary security obligations.
- Its skill in managing the team that can successfully build a compliant ISMS.
- Its ability to support continued information security improvements to the ISMS.
Understanding how to set up and maintain such a high-standard ISMS is a valuable asset of our information security division. Also, we are happy that we can share this knowledge with our customers and help them improve their security with our aid.
While proud of this accomplishment, we would also like to say that we do not believe that this certification is the end. One of our main goals as an outsourced software product development company is to increase our level of security. We also aim to show our customers that their data is completely safe with us. And raising this level of safety is a process we are working on relentlessly even now.
The process is led by our Chief Security Officer, Nataliia Kashuba.
Nataliia Kashuba on the Future of Outsourced Software Product Development Company Morebis and Devtorium Group
Nataliia Kashuba joined the Devtorium group of companies in September 2021 during the merger between Morebis and Devtorium. At the time, she has already been hard at work obtaining the ISO/IEC 27001:2013 certification.
Nataliia has been working in the information security sector for 15 years. She holds multiple certifications, including the ISO/IEC 27001 Senior Lead Auditor and Data Protection Officer (DPO).
She considers building the company’s ISMS from scratch as one of her most notable accomplishments to date. However, Nataliia believes that one must never stop in their growth. Therefore, she already has multiple plans and goals to improve the Information Security Department in the Devtorium group of companies.
Here’s what she thinks about this milestone:
Q: What does receiving the ISO/IEC 27001:2013 certificate mean for Morebis as an outsourced software product development company?
A: It means we’ve moved up a notch in the outsourcing business. We will have more business opportunities on the global market with this certification. Moreover, as we have two ISO/IEC certified auditors on staff, we can offer security audits as part of our services. So we can help any business identify vulnerabilities in their systems and avoid disastrous consequences of data breaches.
Q: What new opportunities do Morebis and the Devtorium group of companies have now, after achieving this level?
A: The ISO/IEC 27001:2013 certificate opens many doors for us because many businesses today only agree to work with developers that hold trustworthy security certifications. So we now have a chance to participate in both state and private tenders and seek higher-level clients for development.
Q: What is the next goal for the company’s growth from the point of view of the Chief Security Officer?
A: Oooh, we have so much to work on. We must constantly improve. The security world does not stand still, and we must strive to be one step ahead of threats. That’s why our team of pentesters and security professionals is constantly working to investigate vulnerabilities and build effective strategies for strengthening security systems. The goal is always to minimize risks and prevent attacks. We must also remember that we will undergo multiple auditions for the next few years to prove that our improvement is sufficient to maintain this certification.
Q: What are the biggest information security threats now, and how can the company help its customers protect against them?
A: Alas, but People are the biggest threat 🙂 We can find vulnerabilities and help minimize losses. Information is the most valuable asset. Therefore, many are interested in making money by stealing it. Every piece of information has its price. And we can help save the valuable assets of the company by finding where the weaknesses are and building a strategy of effective defense.
Data is indeed the most valuable asset any business has. From a beauty salon’s customer database to a payment processing system’s financial information, stealing any bit of data can ruin a business entirely. As a software product development company, we work to protect our customers’ data in the best way possible. And we are sure that our Information Security division led by Nataliia can achieve this.
If you are interested in obtaining IT security services from an ISO/IEC 27001:2013 certified business, contact us!