While the various parts and entities within Spotler Group have been ISO 27001:2013 certified for years, Spotler Group has now achieved the latest version of the ISO 27001 certificate for all those underlying parts and overarching entities. After a successful audit during December ’24 and January this year, the entire organisation has been certified for ISO 27001:2022.
Audit scope and certificate
The Spotler team worked thoroughly on the new ‘recertification’, and we are therefore extremely proud that, after the audit by DNV GL, we have achieved certification for a broad scope. The scope for which the whole Spotler Group is ISO certified covers:
‘Supporting Spotlers’ software development and maintenance, infrastructure, products and services and ensuring the integrity of customer data.’
ISO 27001:2022 vs. ISO 27001:2013
Now that the entire Spotler Group is ISO 27001:2022 certified, our entire organisation is fully compliant with the latest standards. Although ISO 27001:2013 is still considered a valid ISO certificate, the ISO standard is clear about the deadline by which an organisation must have switched to ISO 27001:2022: 31 October 2025. Spotler has now made that switch. We are pleased to have achieved this 8 months before the deadline.
Differences between the 2022 and 2013 standards
What is different about the ISO 27001:2022 certificate, you might ask. For a start, the descriptive name of the standard has been changed. There have been a lot of developments in cybersecurity and privacy protection in recent years. These are obviously important pillars that fall under information security. Hence, these terms have now been included in the descriptive name of the ISO 27001 standard.
As a result, the descriptive name of the ISO 27001 standard is again completely up-to-date when it comes to exactly what information security means:
- New name: Information security, cybersecurity and privacy protection – Information security management system – Requirements
- Old name: Information technology – Security techniques – Information security management systems – Requirements
Besides a new name, changes have been made to the structure. For instance, several chapters and paragraphs in chapters have been tightened, added, rewritten or split. Furthermore, several chapters and management measures have been rearranged and merged. The number of management measures has also been reduced from 114 to 93: in addition to merges between existing measures, 11 new management measures have been added.
Finally, you may also have heard or read about ISO 27001:2023. In terms of content, this standard is exactly the same as the ISO 27001:2022 standard. ISO 27001:2023 is the European version of ISO 27001. This version is completely identical to the global version (27001:2022), only a European preface has been added.
Why ISO 27001?
ISO 27001 is the international standard for information security. The standard describes how organisations should set up information security processes to ensure the confidentiality, availability and integrity of information within organisations. Spotler and its software comply with this standard, demonstrating to all our customers, partners and suppliers that we are serious about data security and that we act accordingly.
“At Spotler, we work with a lot of customer data on a daily basis, so it is important for us as an organisation to handle it properly and securely. The ISO 27001:2022 certificate shows that our organisation and software meet the highest information security requirements. In addition, the audit shows that Spotler’s employees have a high level of awareness when it comes to security awareness and of course I am very proud of this!”
– Michel Spee, Head of Information and Data Protection