We had the opportunity to conduct an interview with our colleague Flávia Condé. Flávia Condé (Project Manager) to explain to us the process that allowed Delonia to achieve ISO certifications.
Flávia, to begin with, could you tell us a little about your professional career?
I have a background in Economics and Business Administration. I have always worked in the B2B market, in the area of telecommunications services sales. One of the companies I collaborated with provided consultancy in the Brazilian Data Protection Law, which allowed me to learn a lot about the sector.
I was planning to move to Spain, so I decided to get international certifications to improve my resume and look for an opportunity here.
I started with training in Data Protection, obtaining the Data Protection Officer (DPO) certification. Then I continued with the ISO 27001 certification for Information Security Officer. When you start studying something you are passionate about, learning becomes easier. I then went on to study for other certifications related to information security.
In addition, I have just finished an MBA in Management Systems with a focus on Information Security, Privacy and Business Continuity. I am currently finishing a Master in Compliance and Data Protection.
For almost 10 years I ran my own company, representing Claro in Brazil for B2B sales of telecommunications services.
What can you tell us about the standard?
ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).
Its main objective is to protect the confidentiality, integrity and availability of information by implementing appropriate security controls.
What do these certifications bring to the company?
ISO 27001 certifications bring numerous benefits to the company, among them:
- Trust and credibility: demonstrates to our customers and partners that we have established and maintain high standards of information security.
- Regulatory compliance: facilitates compliance with legal and contractual requirements related to data protection and security.
- Risk reduction: identifies and mitigates potential risks associated with information security.
- Continuous improvement: establishes a framework for continuous improvement in information security management, adapting to new threats and changes in the environment.
How have we achieved these certifications at Delonia?
Delonia was already serving important clients in the market and had clear processes in the development area.
We adjusted some aspects to meet certain requirements, but it was largely a formalization of what we already had. We implemented templates and documented our internal policies to consolidate existing processes.
I think the most important part of the whole certification process has been the documentation to raise employee awareness. This is not only necessary to comply with the requirements and demonstrate this to the certification auditor, but also as part of continuous improvement, with the aim that the procedures become more and more integrated into everyone’s day-to-day life.
A fundamental aspect, given that Delonia is already used to going through external audits, is that we are implementing even greater rigor in our practices.We are planning the tests, audits and monitoring in a more detailed way so that the concern for these aspects is mainly ours.
We would like to thank Flávia Condé and take this opportunity to reiterate that the main objective of the Delonia team is to continue applying a strategy of continuous improvement in order to offer our customers the most efficient service possible.
