“Our Information Security Management System defines a set of policies and processes that ensure confidentiality, integrity, and availability for all of the data that Ultragenic handles. Being a life sciences domain expertise technology services company, being ISO/IEC 27001 Certified is an important milestone for us.”
– Amit Jain, CISO
Established by the ISO and the IEC, 27001 is a comprehensive information security management standard, which specifies a set of stringent controls and best practices. Achieving the ISO 27001 certification earlier this year (February 2022) has been a significant milestone for Ultragenic and a proud moment for the team. It is a reflection of eight months of hard work to establish organization-wide secure protocols to ensure reliability of our systems and security of the data entrusted to us by our customers.
Customer Trust is our priority
One of the biggest concerns for organizations in general, and pharma companies in particular, is data protection. With pharma companies collecting a wide range of patient personal and medical data, the laws of the land require that such data be absolutely secure. As specialist technology service companies working closely with pharma clients, we are increasingly asked to prove that we can be trusted with information security and privacy management. Having a Global ISO/IEC 27001 certification validates the strength of our internal controls and processes, and demonstrates our preparedness against security breaches.
“Achieving this certification demonstrates our commitment to protecting our clients’ information assets to the highest standards of information security on a global scale.”
– Pravin Nath, CEO
Our ISO Journey
Our ISO journey started in June 2021 and was completed over eight rigorous months.
It started with the assessment of potential risks and areas of vulnerability, followed by the implementation of the necessary processes, practices and protocols across the organization to control how and where information is stored and used. This included a list of clauses we needed to abide by and around which the controls had to be established. These controls are applicable to all the employees, across all the departments at Ultragenic. Given that the majority of our workforce was working from home at the time, the task was all the more challenging. The IT infrastructure had to be upgraded and updated with the latest protection. In addition, we had to train our people on these protocols so that, over time, they would become second nature for them.
A multi-layered monitoring system was established within the organization to ensure compliance with all necessary protocols. The functional department heads were made responsible for compliance with the established controls in their respective functions. The second layer comprised an ISO (Information Security Officer) and a CISO (Chief Information Security Officer), further monitored by an ISMS steering committee and supported by the IT team.
Once the controls had been established, the necessary communication and training had been shared with the team, and the multi-layered monitoring system had been put in place, we had to satisfy stringent independent audits conducted in two stages by the BSI (British Standards Institution).
ISO 27001 (Information Security) is now in our DNA
The ISO 27001 process is not a one-time event. There is an annual audit to regularly monitor and assess the efficacy of the established controls and protocols. It is followed by a full audit every third year for re-certification.
The benefits of ISO 27001 are significant and easily outweigh the potential business cost resulting from loss of reputation, or financial damages incurred due to data breaches or security incidents.
Besides gaining customer confidence and trust through a validated information security management system, our ISO 27001:2013 journey has also helped us strengthen our internal systems, improve management processes and increase business resilience. We can safely say that ISO 27001 is now part of the Ultragenic DNA.