CompLions-GRC customers on the advantages of working with the GRC tooling
Cyso, from Alkmaar, is a managed hosting provider. The company ensures that customers’ websites and web applications are available online. Co-founder Sven Visser answered the questions.
Why is Cyso certified?
Of course we have to deal with questions from our customers. In addition, as a company, we want to be able to handle information security professionally and to be able to demonstrate that. Then ISO27001 and NEN7510 are indispensable. We also have ISO20000, which is the standard for IT Service Management.
Was Cyso already certified before CompLions-GRC came into the picture?
No. When I drew up the shortlist, I noticed that there were parties who wanted to support us in the certification processes in the traditional way, with many Excel sheets. That didn’t appeal to me very much. At Cyso, we did everything we needed to do in this way, and I wanted to get rid of that. CompLions-GRC was one of the few providers that had a SaaS solution. That appealed to me more, especially when I understood what we could do with it. In addition, there was an immediate click between the companies, which is also important.
What has changed as a result of using the CompLions-GRC tooling?
What we notice is that certainly the auditors of larger customers always want to know how we work and which methodologies are applied. If we then indicate that we are using the CompLions-GRC tooling, they are reassured. Then they know that nothing has been skipped and that everything is clear. That is part of the story. There is also an internal aspect to mention. The risk analyses we made previously inevitably reflected the authors’ own interpretation. This often led to discussions. Now there is a neutral framework of standards that everyone adheres to.
Does it save you time?
As I said, with the risk analyses, we now all have the same framework. We’re all talking about the same thing now. That is, of course, an improvement in efficiency, so it also saves time.
What can Cyso do now, which was not possible in the past?
By using the CompLions-GRC tooling we are better able to pay attention to more than the technology. By that I mean that we are a technical company and have a tendency to look for a technical solution for every challenge. With information security you have to take a broader view and the GRC tooling forces us to do this at every step. As a result, our processes and solutions are getting better and better.
Furthermore, we can now fully integrate special customer requirements with the audit. For example, an additional requirement about Disaster Recovery. By including the rules for this in the GRC tooling, the procedures and agreements are 100% guaranteed and it becomes auditable.
What are Cyso’s ambitions and how does CompLions-GRC help with this?
We have a healthy growth ambition and expect to grow to 100 employees. We will continue to focus on the mid-market segment. What we see is that the certification requirements set by the corporates inevitably seep through to our customers. Thanks to the CompLions-GRC tooling, we are prepared for this, but it cannot be ruled out that we will need even more certifications. A form of AVG (GDPR) certification or an ISAE3402 declaration could then be one of them.