From start to certification: how Easy LMS achieved ISO 27001 and what it means for you

Since July 2024, we’ve been ISO 27001 certified—a major milestone! Our GDPR Officer, Andor, shares the details of the process in a Q&A session with Content Manager Caroline.

Caroline
Content Manager & HR Officer

We’re excited to announce that after months of hard work, we’ve achieved ISO 27001 certification! This milestone underscores our commitment to top-tier data security. Simply put, your sensitive information is in safe hands. Earning this certification wasn’t easy—it required resilience and focus. Thankfully, Andor was our guiding force throughout the process. In this blog post, he shares how we successfully navigated the journey.

Security has always been a top priority at Easy LMS, and we already follow GDPR standards closely. So why did we decide to get ISO 27001 certified? What extra benefits did it bring to what we were already doing?

“Absolutely, we had already made great strides with our security measures, but we lacked a clear picture of just how thorough they really were. We knew what was in place, but identifying the gaps was a challenge. That's where ISO 27001 came in—it provided us with a solid framework that made it much easier to pinpoint vulnerabilities and close them effectively. This was a game-changer for us. It not only boosted our confidence in our security but also ensured that if something does go wrong, we can swiftly contain the damage and bounce back. This approach has greatly reduced stress for our developers and given our customers the peace of mind that their data is safe with us.”

Ultimately, the decision was made to pursue ISO 27001 certification. But how do you tackle such a massive project? What was the first step?

“Honestly, it was quite challenging at first. My partner in crime, Job, our former CTO, and I had little experience with implementing a standard like this and weren’t sure how it would all come together. We started by purchasing a template version of an Information Security Management System (ISMS) and just dove in. The first logical step was to assess what we needed and begin creating anything that was missing. As we worked through it, we naturally figured out what worked best for us and our company.”

How did you track progress during the project? What was your approach?

“Job and I had weekly meetings to ensure we were always moving a step closer to our goal. We used a method similar to the Improvement Kata, which we apply in other areas as well. This meant focusing on the smallest steps that could bring us closer to our objective. Often, this involved documenting the current situation or making small tweaks to processes to see if they worked for us.”

What was the most challenging part of the entire process?

“The biggest challenge was understanding exactly what was expected from us. The certification is meant for both large banks and small businesses, so requirements can vary widely. With many different interpretations online, it was crucial to pinpoint what was specifically needed for our situation, which was sometimes difficult to separate from others' perspectives.”

Implementing the ISMS is crucial for ISO 27001 certification, and it often means changing how employees work. How did you keep the Easy LMS team motivated and on board with these changes, especially when it might have felt like a burden?

“Absolutely, getting everyone on board with security changes can be tricky. If the process is too complicated or annoying, people might try to bypass it. From the start, we focused on making things as simple as possible for our team. The goal was for the processes to enhance security without getting in the way of their work. We aimed to make it nearly impossible to do things incorrectly. Plus, we wanted to avoid a blame game—if something goes wrong, it’s not about pointing fingers, but about improving the process.”

And then came the day of the audit, by Brand Compliance, our ISO partner. How was that? Were you nervous?

“Definitely! We had spent months preparing for this moment, and it felt like everything could fall apart at any second. But I also had confidence in the work we’d done. When the auditor arrived, they explained exactly what to expect, how the process would work, and what they’d be looking for. This really helped to ease our nerves during the audit.”

I guess the relief was big when we received the positive result?

“Absolutely! We were overjoyed when we got the results. There were a few things to tweak, but once we made plans to fix them, we received our ISO 27001 certificate. That was a huge relief and very validating.”

Now that we are certified, what’s next?

“Now it’s all about using the system we’ve put in place. Maintaining and using it is actually much easier than setting it up. The key is to keep using the system to ensure ongoing security and continuous improvement. As Easy LMS evolves, we need to make sure these changes remain secure. Eventually, we’ll go through recertification to ensure everything is still running smoothly, and it’s important for us to pass that as well.”

We’re ISO 27001 certified. Want to learn more about how we keep your data secure? Check out our privacy policy!