Benito Señorís, CISO: “In a company, we are all ‘guardians’ of data”
The loss, modification, leaking or unauthorised disclosure of information can pose serious risks to a business, and can even have financial repercussions for the company or damage its corporate image. Information is undoubtedly a valuable asset to any company, and one that requires appropriate control measures. Aware of just how important it is nowadays to guarantee secure environments, the language services provider CPSL, based in Barcelona, has just obtained ISO 27001, its fourth ISO certification, to add to its collection of quality standards: ISO 9001, ISO 17100 and ISO 13485.
We spoke to Benito Señorís, CISO (Chief Information Security Officer) and Director of ICT, who led the certification process. Benito started working as a localisation technician before the internet entered our lives. He likes the speed at which technological change occurs, and makes sure he’s always up to date with the latest developments.
Benito Señorís, CISO and Director of ICT at CPSL
Why did CPSL want to obtain the ISO 27001 certification and why is it necessary to gain it?
We were actually thinking of our customers when we first considered it; we wanted to offer them greater added value in the area of security. We want to continue being industry leaders in quality for our customers so that they can feel confident that their data is secure with us.
Broadly speaking, what does ISO 27001 mean and what impact does it have?
The requirements for standard ISO 27001 have enabled us to establish an Information Security Management System (ISMS) based on measures designed to protect information, regardless of its format, and provisions to prevent risks, in such a way that the continuity of the company’s activities is guaranteed at all times.
Once we had resolved to gain this certification, the company’s senior management decided to merge the ISO 9001 quality standard with the ISO 27001 security standard in order to achieve an ‘Integrated Quality and Security Management System’, with the aim of ensuring that the quality and security of information are considered in all our processes.
At CPSL, we created an MIS steering committee made up of members of senior management, our Quality Director, and myself. The aim of this is to implement a system of continuous monitoring, as, although the technical side of things is highly significant and relevant, it is ultimately a process that requires the involvement of everyone in the company. We must foster a genuine awareness of the fact that we are all guardians of data. By this we mean that all of the company’s information should have integrity, meaning that no uncontrolled modifications have been applied, be confidential, meaning that only authorised persons can access it, and be available when required.
What does the process involve?
It is a long and intensive process, which takes place in several stages: from identifying assets to a risk analysis of our process map; from establishing protocols to manage these potential risks, to passing the audit stage, thanks to the involvement of all teams and the participation of the entire company, with the aim of achieving continuous improvement.
The truth is that, at CPSL, we already had an excellent information security management system, which was very helpful to us in attaining ISO 27001. This certification now endorses our security system and provides our customers and partners with the assurance that our system functions properly. It is the final seal of approval. The certification is a formalisation.
Why do you consider it so important to be aware of our role as guardians of data?
A password can ruin your life... Would you leave your keys in the door as you leave the house? The same thing happens in businesses: it is crucial to ensure that all environments are secure, at every level, so that we do not leave the door open to potential risks. Although it is impossible to eliminate all security risks, it is important to have in place protocols and control measures to manage these risks, to ensure the integrity, availability and confidentiality of data. If there is one thing we have learned from this intense year of work and audits, it is that we know what the risks to our information are and that we are able to define how best to manage them.
What does this new certification mean for CPSL?
As a business, we will be more competitive and we will have access in the market to the type of customers that expect their suppliers to have this certification (in sectors such as banking and finance or pharmaceutical laboratories).
With regard to ICT, it will help us with internal processes, saving us time when preparing documents for tenders etc. We are certainly very pleased, and now it only remains for us to continue involving and educating our teams in and about this work, and to keep striving for the continuous improvement of our MIS.
About CPSL: CPSL is a group of private companies that has been operating in the language services sector since 1963. The group is made up of Barcelona-based Celer Pawlowsky S.L., which is the parent company, CPSL Documentation & Tools in Ludwigsburg, which operates in the Stuttgart area in Germany, and CPSL USA Corporation, located in Boston in the United States.
CPSL is a language services provider with more than 50 years of experience in advising clients on how best to manage their multilingual content and projects, whether such projects involve software or website localisation, multimedia content localisation, or interpreting services. Quality is part of the DNA of the company, which continues to gain new certifications. To date, CPSL has obtained certification for three ISO quality standards: ISO 9001 (standard for quality management systems), ISO 17100 (international quality standard specific to translation services), ISO 13485 (standard for medical devices and related services) and ISO 27001 (standard for information security).