
Why information security matters to Kbrw

As a critical part of any information system, supply chain management solutions must guarantee the highest level of security. Here's what we do at Kbrw.


Ask any knowledgeable person about cybersecurity and they will mention one standard in particular: ISO 27001 (formally ISO/IEC 27001). It is the international standard for managing information security, and it provides a systematic framework for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS).

ISO 27001 focuses on identifying and managing risks to the confidentiality, integrity and availability of information. Organizations select and implement controls on the basis of a risk assessment, and align their security processes with business needs and with legal or regulatory requirements. The standard is relevant to organizations of all sizes and in all sectors, and helps them to safeguard sensitive data, build trust with stakeholders and reduce security risk.

But ISO 27001 sets a baseline for managing information security, not a ceiling. We're proud to say that Kbrw goes well beyond it.

Why is it important for supply chain orchestration solutions to be ISO 27001 certified?


An organization which achieves ISO 27001 certification demonstrates compliance with best practices in information security management. This provides assurance to customers, partners, and regulators. Equally, when an organization uses a core solution from an ISO 27001-certified supplier, there’s an opportunity for that organization to highlight to its downstream customers - with evidence - that it’s doing everything it should to keep their data safe and secure.

Order management systems, warehouse management systems and other supply chain optimization solutions are examples of such core solutions. They may handle sensitive information such as customer data, payment details, and order histories, so ensuring the security of this information is critical for maintaining trust, compliance and operational continuity. Not only that, but information such as storage strategies, stock information and restocking strategies may be considered confidential to the company, and crucial to the organization’s success.

These systems and solutions are also key parts of the supply chain, which many organizations already regard as the weakest link in their security regime. Ensuring the security of information used by these systems and solutions is therefore critical - for maintaining trust, compliance, operational continuity and even business competitiveness.

You might reasonably suppose, then, that any organization considering the purchase and operation of an OMS, WMS or any other supply chain management solution would make it a priority to validate, explore and understand the ISO 27001 certification of its vendor. Consider for a moment the following disciplines:

  • data protection: ISO 27001 requires certified vendors to protect the confidentiality, integrity and availability of the sensitive customer and business data stored in the OMS.
  • risk management: ISO 27001 helps identify and mitigate risks such as data breaches, fraud and unauthorized access.
  • regulatory and contractual compliance: ISO 27001 helps an organization meet data protection requirements such as the GDPR, the CCPA (California Consumer Privacy Act) or the PCI DSS (Payment Card Industry Data Security Standard; an industry standard imposed by contract rather than a law). Certification supports these obligations but does not by itself satisfy them.
  • business continuity: a vendor's ISO 27001 compliance helps reassure the customer that its supply chain solutions are protected, through robust security measures, against attacks such as ransomware that could disrupt or even halt activity.

Kbrw solutions: Secure by Design

Kbrw’s head of security, Tommy Vayron, explained: “Kbrw is ISO 27001-certified and for many prospects and customers, our certification is a box they have to tick as part of their procurement process. It’s true that ISO 27001 certifies the management system, not the technical security measures, and it’s important to have both certification and proof of technical security: we always welcome questions about our security measures from prospects and customers.”

Kbrw integrates security into the design, development and features of its products. Critically, senior management is fully committed to a culture of security, and holds management reviews at least quarterly to confirm that security measures remain effective.

To help ensure the success of the company’s thorough approach to secure design, Kbrw tasks both internal and external testers to try to compromise its products, via both penetration tests and audits.

“I believe that this dedication to security, which is supported right at the very top of the organization, means we are likely among the most advanced of all OMS and supply chain optimization solutions vendors,” says Tommy Vayron. “We encounter no issue in securing support for this approach to development, despite the extra costs.”

“We’re also very proactive in respect of the potential for our solutions – and our customers – to be impacted by supply chain vulnerabilities, which is something that is top of mind for many people now. In fact, thanks to our strong technological choices we have only a limited number of dependencies, and we maintain good oversight of them, so we start from a good position in respect of that.” 

New challenges and opportunities in compliance

But ISO 27001 isn't the only requirement in town. While ISO 27001 is concerned with the management system, meeting the GDPR and other national and international regulations also calls for additional, specific technical capabilities in the product itself. For many vendors this creates a whole new challenge.

Kbrw's choice to build its products largely on in-house technology gives it better control over security and compliance, and reduces the overhead of meeting additional regulations that may be unique to specific markets.

In China, for instance, where Kbrw is in the early stages of operating, Kbrw set up a specific technological architecture model, seamlessly integrated with its overall technology ecosystem, to meet the requirements of PIPL (the Personal Information Protection Law, China's counterpart to the GDPR). This could have been a lot more work, but in practice it required only a simple adaptation of Kbrw's usual architecture model, which already provides everything needed to meet such requirements.

Insider threats and client security

Kbrw's approach to mitigating potential insider threats and misuse of access rights is as thorough as its approach to product development. Its stable, well-established team means that the overhead of vetting and background-checking staff is relatively easily managed.

On the client side, comprehensive administration capabilities, including automated onboarding and offboarding processes, help ensure a similar level of security, so that access rights are granted when a user joins and revoked when they leave.

Information security at Kbrw: more than certification

“Kbrw’s proactive approach to security is an important part of the brand and we’re very proud that security is a foundational principle,” says Tommy Vayron.

In this article, we’ve highlighted Kbrw's proactive approach to security and its integration into the brand. If the article has raised any questions – old or new – for you about security (in a Kbrw context), please get in touch; we’d love to discuss them with you.
