AP&T ISO 27001 certified – takes a comprehensive approach to information security
Since March, AP&T has been ISO 27001-certified. This marks an important milestone in the company's work on information security, which encompasses both internal systems and customer solutions. With the certification, AP&T demonstrates that it meets international standardization requirements, which strengthens both the business and customer relationships.
Hello there, Claudio Vargas! As IT and information security manager at AP&T, you led the certification initiative. What does ISO 27001 certification mean for AP&T?
– It is proof of our systematic work with IT security and ensures that we comply with laws and requirements in the area. In the long run, it also strengthens our position in the market and in business negotiations.
What does the certification mean for AP&T's customers?
– For our customers, the certification means greater confidence that we are doing everything we can to secure and protect both their information and our own. We have also seen it become a competitive edge for our customers, especially in businesses where high demands on information security are imposed further down the chain.
How did you go about getting the ISO certification in place?
– I started by familiarizing myself with the standard and then did a gap analysis to identify where the shortfalls were in our existing processes. Based on that, I developed the necessary documents and processes. It was an extensive and painstaking process – all in all, it took about a year and a half.
How else do you work to ensure high IT security?
– We have an internal group that we call DSG – Data Security Group – that actively works to reduce the gap between IT and OT security, which encompasses the physical operation of machines, processes and systems. In addition, we continuously work to comply with relevant laws and directives such as NIS2, the Cyber Resilience Act, and the Machinery Directive.