Ask any knowledgeable person about cybersecurity and they will mention one standard in particular: ISO 27001. An international standard for managing information security, ISO 27001 provides a systematic framework for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS).
ISO 27001 is built around identifying and managing risks to the confidentiality, integrity and availability of information. Organizations assess those risks, select and implement controls in response, and align their processes with business needs and legal or regulatory requirements. The standard is relevant to organizations of all sizes and in all sectors, and helps them safeguard sensitive data, build trust with stakeholders and reduce security risk.
But ISO 27001 is a baseline for managing information security, not a ceiling. We’re proud to say that Kbrw goes well beyond that baseline.
An organization that achieves ISO 27001 certification has had an accredited third-party auditor confirm that its ISMS meets the standard’s requirements, within the scope stated on the certificate. This provides assurance to customers, partners and regulators. Equally, when an organization uses a core solution from an ISO 27001-certified supplier, it can show its own downstream customers, with evidence, that it is doing what it should to keep their data safe and secure. The one check worth making is that the certificate’s scope actually covers the service and the data in question; a certificate that covers only part of a supplier’s operations says nothing about the rest.
Order management systems (OMS), warehouse management systems (WMS) and other supply chain optimization solutions are examples of such core solutions. They may handle sensitive information such as customer data, payment details and order histories, so the security of this information is critical to trust, compliance and operational continuity. Beyond personal data, storage strategies, stock levels and restocking strategies may be confidential to the company and crucial to its competitive position.
These systems are also key parts of the supply chain, which many organizations already regard as the weakest link in their security regime. Securing the information these systems process is therefore critical to trust, compliance, operational continuity and even business competitiveness.
You might reasonably suppose, then, that any organization considering the purchase and operation of an OMS, WMS or any other supply chain management solution would make it a priority to validate, explore and understand its vendor’s ISO 27001 certification, including what the certificate’s scope covers. Consider for a moment the issues/disciplines of:
Kbrw’s head of security, Tommy Vayron, explained: “Kbrw is ISO 27001-certified and for many prospects and customers, our certification is a box they have to tick as part of their procurement process. It’s true that ISO 27001 certifies the management system, not the technical security measures, and it’s important to have both certification and proof of technical security: we always welcome questions about our security measures from prospects and customers.”
Kbrw integrates security into its products’ design, development and features. Critically, senior management is fully committed to a culture of security and holds management reviews at least quarterly to check that security measures remain effective.
To test that its secure-design approach holds up in practice, Kbrw engages both internal and external testers to try to compromise its products, through penetration tests as well as audits.
“I believe that this dedication to security, which is supported right at the very top of the organization, means we are likely among the most advanced of all OMS and supply chain optimization solutions vendors,” says Tommy Vayron. “We encounter no issue in securing support for this approach to development, despite the extra costs.”
“We’re also very proactive in respect of the potential for our solutions – and our customers – to be impacted by supply chain vulnerabilities, which is something that is top of mind for many people now. In fact, thanks to our strong technological choices we have only a limited number of dependencies, and we maintain good oversight of them, so we start from a good position in respect of that.”
But ISO 27001 isn’t the only requirement in town. While ISO 27001 focuses on the management system, meeting GDPR and other national and international regulations also requires specific technical capabilities in the product itself, not just documented processes. For a vendor relying on third-party components, each new regulation can become a whole new challenge.
Kbrw’s choice to build much of its product stack on in-house technology gives it tighter control over security and compliance, and reduces the overhead of meeting additional regulations that may be unique to specific markets.
In China, for instance, where Kbrw is in the early stages of operating, Kbrw set up a specific architecture model, seamlessly integrated with its overall technology ecosystem, to meet the requirements of PIPL (China’s Personal Information Protection Law, broadly the Chinese equivalent of GDPR). This could have been a lot more work, but in practice it required only a simple adaptation of Kbrw’s usual architecture model, which already offers what is needed to meet such requirements.
Kbrw’s approach to mitigating insider threats and misused access rights is as thorough as its approach to product development. Its stable, well-established team means that vetting and background-checking staff is a manageable task rather than a constant overhead.
On the customer side, comprehensive administration capabilities, including automated onboarding and offboarding processes, help clients maintain a comparable level of access control, so that accounts are created and revoked promptly as their own staff join and leave.
“Kbrw’s proactive approach to security is an important part of the brand and we’re very proud that security is a foundational principle,” says Tommy Vayron.
In this article, we’ve highlighted Kbrw's proactive approach to security and its integration into the brand. If the article has raised any questions – old or new – for you about security (in a Kbrw context), please get in touch; we’d love to discuss them with you.