How vent.io got ISO 27001 certified in half the time

This digital and innovation subsidiary of Deutsche Leasing AG used DataGuard to halve the estimated time for ISO 27001 certification and boosted information security awareness across the whole organisation. Here’s how.

Help! I’ve got information security gaps in my vendor assessments...

Security is always a big deal for companies working in or around the Financial Services sector due to the sensitivity of the customer data. A fact not lost on vent.io – a digital and innovation subsidiary of Deutsche Leasing AG. The vent.io team had already built robust security practices around their software development offering, but they’d also found gaps in vendor assessments and risk management processes.

“Working with consulting firms could have taken 50-80% more time to setup an ISMS . With DataGuard, we felt cared for and supported, even in challenging times.”

Always looking for proactive ways to improve, vent.io set to work on its ISO 27001 certification journey in 2023. There were two main strategic reasons: Not only would this fortify its overall security practices, but it would demonstrate vent.io’s commitment to excellence and position them as a trustworthy entity in the market.

Certification would also strengthen the bond of trust with its parent company, Deutsche Leasing, and safeguard project pipeline and revenue goals.

Why DataGuard?

Georgios Gkekas, Chief Technology Officer at vent.io, was already convinced of the need to secure ISO 27001 certification as early as possible. It would help protect the organisation from these risks and signal vent.io’s information security credentials to the market and other key stakeholders.

But why choose to partner with DataGuard?

There are several reasons, it turns out. But high on the list was the flexible nature of the DataGuard service. “The holistic approach of combining a secure platform with the support from real-life experts made us faster in this process,” says Georgios.

This created a ‘Goldilocks zone’ not offered by other consultants and one that was effective and manageable. The result? “We felt cared for and supported, even in challenging times,” Georgios says.

The benefits of partnering with DataGuard

The certification brought significant time savings in contractual negotiations. Georgios reckons ISO certification reduced contract negotiations by 20-30%. The time savings for more complex contracts could exceed 100 hours because of reduced reliance on security questionnaires and the resulting back-and-forth between stakeholders.

“ISO certification reduced time spent on contract negotiation by 20-30%”

The certification also made conversations with its parent company easier and positioned vent.io favourably in the broader market, where some customers demand the certification before agreeing to do business.

And people across the organisation have a better understanding of information security at vent.io - and the vital role they play in supporting it.

“With the advanced risk management, DataGuard has helped build a holistic view of all our 3rd party risks.”

Continuous infosec improvement

This is just the beginning. “The effectiveness of security measures doesn’t solely rest on the shoulders of a few individuals with extensive knowledge,” says Georgios. Instead, it hinges on the collective awareness and understanding of security practices across the entire team and company. Not just today – but on an ongoing basis.

“Always assume a data breach,” Georgios reminds us. “Even the most advanced companies acknowledge the inevitability of potential attacks.” In future, the key lies in being prepared to react swiftly to security incidents, minimising downtime and swiftly restoring systems. “With the advanced risk management, DataGuard has helped build a holistic view of all our 3rd party risks.”

And we look forward to continuing to help vent.io to get compliant and stay compliant as it grows in the future.