Getting in Control of Information Security
A New ISMS
Leon van der Valk, Chief Information Security Officer at SPIE Netherlands, remembers how it started: "In 2020 we were preparing for ISO 27001 certification when external pressure forced our hand: we suddenly needed a new Information Security Management System, fast. Our IT partner pointed us to ISOPlanner™. We ran a test, the results were immediately convincing, and we bought the application."
Scalable and Functional
He continues: "ISOPlanner™ was initially built for smaller companies, but together we shaped it to fit a large one. Each of our divisions runs in its own silo, and those silos connect, so the platform scales to our structure instead of fighting it."
Essential Part of Business Processes
Once the test proved itself, ISOPlanner™ rolled out across the organisation and became a fixture in the ISO 27001 certification process. "Around 30 colleagues now work in it, across management, IT and the business units." he says, "Access rights to applications are all managed through IT inside the platform. ISOPlanner™ has genuinely become part of how we run the business and our security."
User-friendly and Functional
What SPIE Nederland values most is how approachable the platform is. Van der Valk: "Next to comparable tools, ISOPlanner™ is far more accessible and user-friendly. Because it is easy to pick up, I have run into zero resistance from colleagues. I repeat, zero resistance. It is one big battle less. You do not want to be fighting internal resistance, you need to focus on the project itself."
Structure, Overview and Guidance
Van der Valk continues: "The value really shows the moment you need to know what to actually do. Hand someone a 100-page standard in English and the first thing you hear back is, 'Yes, but what am I supposed to do?' I had to read it several times myself, and I am a security specialist."
ISOPlanner™ answers that question. It spells out the next action, structures the underlying evidence the auditor will want to see, and keeps a large group of people working the same way. He adds: "I do not copy documentation around, we work in SharePoint. ISOPlanner™ pulls those documents in and links them straight to the risks and policies."
A Partner, Not a Package
SPIE Nederland also rates the open line to the ISOPlanner™ team. Van der Valk: "We genuinely learn from each other. The team is always open to feedback, they listen to what we need and move with us. This is not some rigid package you buy and live with. It is clear, it is pleasant to work with, and honestly, I am extremely happy with it. The tutorials make it even easier to get going."
Ahead of NIS2
With ISOPlanner™, SPIE Netherlands hit its first goal: ISO 27001 certification for its opening business units. Five certificates are now in house across different divisions, with more on the way.
He looks ahead: "ISOPlanner™ lets us get ahead of what is coming. New regulations are arriving that will hit our organisation hard, NIS2 among them, and IEC 62443 for cybersecurity in industrial automation, which governs how industrial infrastructure and processes are secured. We have to act on that now, and ISOPlanner™ makes it straightforward: that standard set is coming to the platform soon. That is the point, they keep in pace with what the market actually needs."
Where It All Comes Down To...
Van der Valk concludes: "It comes down to this: our certification work is simpler, clearer and far less of a slog. We have a real communication tool that serves every division and business unit and keeps colleagues and management in the loop. And it is a pleasure to work together, we learn from each other and we both keep pushing things forward."
