Written by Laurent Dupont

Tobania

ISO 27001-certification

‘Toreon stood out because of their unique, personal touch’

Tobania, one of the leading Belgian Business & Technology Consulting firms, takes pride in successfully guiding their customers through a wide variety of digital business transformations. The growing demand of potential customers for the ISO 27001 certification made Toreon appear on the company’s radar. Toreon’s one-on-one approach and their ability to oversee the implementation & certification process from start to finish is what made the collaboration between Tobania and Toreon a success.

Over one thousand qualified and motivated Tobania professionals, ranging from programmers and analysts to project managers and IT architects, engage with customers on a daily basis to successfully complete a wide range of digital projects. One of those professionals is Maya Vanderhaeghen, Quality, Risk & CSR Manager at Tobania, who also supervises ISO projects.

Maya points out that Tobania also has a dedicated security department, staffed by ten skilled, solution-oriented specialists, that focuses on both their own digital security and that of their customers. “We approached Toreon specifically to assist us with their expertise concerning information security”, she adds.

Cybersecurity and data protection are crucial to Tobania on two levels: on the one hand, it is one of the services the company offers its clients, and, on the other hand, Tobania itself is a highly digitized business. This means Tobania requires protective measures to be put in place in-house as well to keep unauthorized access out of computers, websites, and databases and to store data safely. Maya explains, “We were looking for a new security solution because we wanted to underline the importance of data security for Tobania by obtaining the ISO 27001 certification.” Moreover, due to the rise in data protection legislation, Maya’s company noticed how potential customers – governmental agencies and financial institutions in particular – increasingly attach significant importance to proof of data security and privacy by a company, by, for instance, implementing an Information Security Management System (ISMS.)

ISO
27001

ISMS

PRIVACY

Knowledgeable

“As this was all very new to us at the time, we started looking for a partner to guide us through the process,” Maya says. “Seeing one of my colleagues was familiar with Toreon and its services, we decided to set up a meeting with them, as well as about three other interested parties,” Maya adds. One of the competing parties was a company that had implemented ISO 9001 with Tobania, to demonstrate the company’s ability to consistently provide services that meet customer and regulatory requirements. That competitor, however, turned out not to be as knowledgeable about data security measures as Toreon.

So, what else made Toreon stand out for Tobania? Maya describes how their final choice was definitely made based on a combination of several reasons: “Although there were similarities between the different candidates, they each had their own individual approach to the process, ranging from price-setting strategies to their takes on collaboration. After meeting with Toreon, we found that, apart from having the necessary expertise, they stood out because of their unique, personal touch. We really felt that Toreon believed in a one-on-one approach, much more than a larger company would.”

‘The Toreon professionals were really willing to get to know us, to become part of Tobania’s story, which we very much appreciated’

Maya Vanderhaeghen – Quality, Risk & CSR Manager Tobania

Added value

Maya also considers the fact that two Toreon employees were dedicated full-time to Tobania’s road to certification as proof of Toreon’s added value: “Those two Toreon professionals were very complimentary in terms of their backgrounds and expertise – one of them being more technically proficient, the other one being very knowledgeable about information security standards. Moreover, it seemed that they were really willing to get to know us, to become part of Tobania’s story, which we appreciated.” Another advantage Toreon offered, in Maya’s opinion, was the fixed-price contract which included everything from set-up, internal audit, implementation of and guidance during ISMS maintenance, to the external audit: “The set price gave us that extra sense of security; we knew we would not have to face any unexpected costs along the way.”

Tobania started negotiations with Toreon at the end of 2018, and their journey towards effective data security lasted until about November 2019, with a successful external audit resulting in obtaining the ISO 27001 certificate. Although Maya reflects back positively on her company’s collaboration with Toreon, she does admit there is still some work to be done: “Although the project went smoothly overall and we enjoyed the collaboration, we now realize the tailored content Toreon provided us with needs to be maintained.” However, Maya continues, “we can now present our clients with a guarantee that we adhere to all aspects of the ISO 27001 standard. Moreover, it saves us plenty of time: by simply referring to our ISO 27001 certification, we can answer almost any of our customers’ security-related questions.”

Guiding principle

The collaboration between Toreon and Tobania comes with another bonus feature, according to Maya: “For us, the fact that we have obtained ISO 27001 certification acts as a guiding principle in our security department: where are we when it comes to data security? What aspects do we need to consider? To put it simply: it gave us a starting point we can now build on ourselves.” To conclude, Maya stresses the all-important commercial added value for Tobania: “We now attract new clients, which allows us to keep on making a difference in the Belgian market.”