5 min read
In addition to the challenges posed by the global economic slowdown, businesses now face an increased need for robust cybersecurity measures. As technology advances rapidly, there is a growing threat of cyber-attacks and data breaches. In response, the International Organization for Standardization (ISO) has introduced the new ISO 27001:2022 certification, which sets the standard for information security management systems and replaces the previous ISO 27001:2013 framework.
Even though the deadline to implement this new version is the 31st of October 2025, we decided to embrace this opportunity to learn the new best practices as fast as we could and be amongst the first to be certified.
Why go through the ISO 27001 certification in the first place?
In 2020, we embarked on a transformative journey towards achieving the esteemed ISO 27001:2013 standard. Throughout this process, we gained invaluable insights into enhancing our policies, refining our information management strategies, and adopting a risk-based approach ingrained in Spixii's culture since its inception in 2016. This commitment to excellence and continuous improvement has allowed us to meet the ISO 27001:2013 standard and exceed it.
By undertaking this transformative journey, we have demonstrated our unwavering dedication to information security and protecting the valuable assets of our clients. Through rigorous risk assessments, incident response plans, robust Data Protection Impact Assessment (DPIA) and ongoing monitoring and improvement, we have fortified our defences against cyber threats and ensured the confidentiality, integrity, and availability of sensitive data.
Our journey towards ISO 27001:2013 certification has strengthened our internal operations and positioned us as an expert SaaS provider in the insurance industry. As insurers handle vast amounts of personal and financial data, they must prioritise information security to protect their customers and maintain their reputation. By achieving this certification, we have shown our commitment to safeguarding our policyholders' data and have instilled confidence in our clients that appropriate measures are in place to prevent unauthorised access while talking to their chatbot.
What are the changes between ISO 27001:2013 and ISO 27001:2022?
The release of ISO/IEC 27001:2022 in October 2022 has brought significant updates to the world's leading information security standard. ISO 27001 provides control requirements for establishing an Information Security Management System (ISMS). This latest version, ISO 27001:2022, is a moderate update from its predecessor, ISO 27001:2013, with the majority of changes focused on the Annex controls, aligning them with the updates made to ISO 27002:2022 earlier in the year. The Annex controls have undergone restructuring, with new additions and some being merged or renamed.
The principal clauses of ISO 27001:2022 remain the same as in the previous version, but there have been slight modifications to the text to enhance alignment with other ISO management standards. These changes aim to facilitate a better understanding of how Annex A controls contribute to information security. Previously, the domain names were more geared towards IT professionals than management. As organizations strive for certification under ISO 27001:2022, they must update their Statement of Applicability to reflect the new structure.
One significant update within Annex A is the introduction of 11 new controls. Organizations currently certified under ISO 27001:2013 must ensure that they have appropriate processes to meet these new requirements or establish new processes to incorporate the controls into their existing ISMS. Notably, the inclusion of "threat intelligence" emphasizes the importance of gathering and analyzing information about threats to enable proactive risk mitigation. Companies certified under ISO 27001:2013 may not have previously addressed this element, highlighting threats' evolving nature and risk mitigation's continuous nature. ISO 27002 can provide further clarity on this topic, offering additional implementation guidance. New specific controls to handle remote workers are also now in place to guarantee business continuity.
From now on
With our extensive experience in ISO 27001, enriched also by the relationship with different independent auditors, we pride ourselves on our commitment to maintaining up-to-date documents and policies for both internal and external audits. This dedication ensures that we are always meeting the latest industry standards and regulations.
One of the significant advantages of achieving certification with the latest ISO 27001:2022 standards is the accelerated speed at which organizations can leverage and implement the Spixii CPA platform. By adhering to these stringent standards, we have streamlined the IT procurement process, allowing for quicker and more efficient implementation of our platform. In fact, we have already prepared comprehensive documents that address 99% of the inquiries typically raised during the procurement process. This level of preparedness not only saves valuable time and resources for our clients but also demonstrates our commitment to providing a seamless and hassle-free implementation experience.
For customer service operations, the benefits of our ISO 27001 certification translate into faster productivity gains and an enhanced customer experience. By adhering to strict information security standards, we can ensure the confidentiality, integrity, and availability of sensitive data, providing peace of mind to both our clients and their customers. In addition, our commitment to continuous improvement and risk-based approach means that we are constantly monitoring and enhancing our security measures, staying one step ahead of cyber threats. This proactive approach allows us to deliver a seamless and secure customer experience, while also mitigating potential risks and ensuring compliance with industry regulations.
A prime example of the positive impact of our ISO 27001 certification is our partnership with a large international health provider. Through this collaboration, we have been able to deliver immediate automated decisions for medical pre-authorisation, significantly reducing the interaction time from 40 minutes to just 2 minutes. This level of efficiency not only improves the customer experience but also enables healthcare providers to deliver faster and more accurate decisions, ultimately benefiting patients and improving overall healthcare outcomes. Discover how the new solution reduced the interaction time from 40 to 2 minutes ➜
For more information on other use cases, you can download a copy of the most recent Spixii white paper here below to understand the specific challenges for financial services organisations and get tangible insight into how conversational process automation can help overcome them ⬇⬇⬇
