An honest look at how we got there

cloudtec is ISO/IEC 27001 certified

cloudtec is ISO/IEC 27001 certified — the internationally recognised standard for information security. For you, that means our processes for protecting data are documented, controlled and verified through an independent audit. We share the scope and further evidence as part of security reviews. How we got there is what this post is about — including the stretches where the path wasn't exactly straight.

Anyone who has run a project like this knows: a certificate doesn't appear out of nowhere. The road was intensive, full of learning, and challenging in places. Here's a look behind the scenes.

It starts with a lot of theory

The beginning was mostly reading and making sense of things. Before we could take action, we had to understand the requirements of the standard and translate them to our own company reality. Less spectacular than expected — but the foundation for everything that followed.

Security is teamwork

An information security management system (ISMS) only works when everyone pulls in the same direction. That's why we ran numerous workshops with the team and management. Together we defined security objectives, analysed risks openly, and built a shared understanding of which data assets we protect and why.

From doubt to confidence

We'll be honest: halfway through, there were moments of uncertainty. The topic is complex, and at times we asked ourselves whether we were still on the right track. That's where Kertos came in. With their expertise and a focused platform, we picked up the thread again and gained real confidence in our own processes. A big thank you to the Kertos team.

More than ticked-off checklists

Looking back, the ISMS was far more than preparation for an audit. We used the project to finally implement measures we had long planned. Our internal structures are clearer, more efficient and better secured today than before.

What's next?

The certificate now hangs on the wall — and digitally on our website. But the work doesn't end there. Information security isn't a project with an end date; it's a continuous process: we have our ISMS reviewed regularly by independent third parties and keep developing the controls.

We're proud of the team that walked this path with stamina and commitment. And we're looking forward to whatever comes next.