ISO/IEC 27001:2013 Certification: Conclusive Results for the first Surveillance Audit

Following the audit led last week by leading verification services provider SGS, we are happy to announce that Aequivalent successfully passed the ISO/IEC 27001:2013 surveillance audit, without any non-compliance.

Here we recall that the ISO/IEC 27001:2013 standard is the international reference standard in terms of information security. In December 2018, Aequivalent was certified in accordance with this standard, without any control exclusion. The results of this first surveillance audit confirmed the ongoing commitment of the Aequivalent Management with regard to the protection and security of the candidates and employees’ data, who are subject to the verification process from their (potential) employer via the Aequivalent platform.

Nevertheless, opportunities for improvement always emerge from the audits carried out by the independent bodies. These audits take place at least twice a year. Aequivalent SA must therefore seize these opportunities for improvement in order to continually increase its level of safety.

Indeed, obtaining certification is not an end in itself, but a means of raising its level of security. Moreover, keeping the security level at the same stage is not sufficient to maintain the ISO 27001 certificate, and will be considered as a non-conformity, because the objective of this approach is to make the information security management system functional and effective.

If during this first year, the objective was to formalise the policies, procedures and the way of doing things, we will now focus on the technical aspects of information security, and more precisely on IT security. This aspect is critical for Aequivalent SA, having developed its own digital platform.

However, in cyber security, we know that the first risk factor is the human being. Therefore, the efforts made during the information security training sessions and awareness sessions against cyber risks must be continued and even amplified. We are referring in particular to phishing campaigns, which make our employees particularly alert to these attacks.

We thank the entire Aequivalent team and in particular our information security management system Officer,
Mr Mahandry Rambinintsoa, for their dedication and engagement.