The challenge? The certificate had to be in place within one year. Internally, the expertise and capacity to handle this independently were lacking. Heras had no time for a long and complex process, but sought a partner who could guide the process from A to Z - from implementation to audit.
"If I were to do it again, it would be with Fendix again," says Rick (IT & Digital Service Delivery Manager at Heras). He looks back on the certification process with satisfaction. "ISO 27001 was a must, but time was tight. No room for error and a tight and efficient approach."
ISO 27001 certification without the hassle
ISO 27001 often evokes resistance. Again, employees wondered, "Why is this necessary?" Consultant Jelle of Fendix was able to quickly turn that resistance around. No dry theory, but clear explanations and concrete examples in plain language. Information security did not become a complicated compliance story, but a practical and logical part of the work.
Fendix took charge and provided a structured process, without disrupting daily operations. From risk analyses to policy documents to the final audit, everything was handled step by step. When the time came for the audit, Heras was optimally prepared. We kept the external auditor on his toes and, thanks to Jelle's guidance, the audit went off without any major shortcomings. The result: ISO 27001 certification within the specified time and without unnecessary stress.
Not a paper tiger, but a method that really works
Certification was an important milestone, but information security was not to become a paper tiger. It had to become a permanent part of the organization. And that's exactly what happened.
Awareness within Heras grew enormously. Where information security first felt like an obligation, it is now an integral part of work. Teams keep each other focused on working safely, phishing campaigns reveal vulnerabilities within the organization, and risk analyses are now carried out in a structured and substantiated manner. On new projects, a risk analysis is now the standard, so security is included from day one.
"The great thing is that you notice that information security is increasingly becoming part of daily practice," says Angelique van Hassel, Managing Director, Head of Benelux at Heras. "People are now asking the question themselves: what about the risks? That means it lives in the organization. And that is exactly what we wanted to achieve."
We see him not as a consultant, but as a colleague
Rick looks back on the cooperation with satisfaction: "Jelle has really made a difference. He managed to get the whole organization on board, talks just as easily to the CEO as to employees in the factory and is now found by everyone for questions. We don't see him as a consultant, but as a colleague. Someone you just call when you have a question. That approachability has really helped get everyone on board."
What Heras particularly appreciated was that Fendix not only kept appointments, but also thought proactively and acted quickly. The project was completed within the agreed time and budget, without unnecessary bureaucracy. Jelle constantly kept everyone informed of progress and took control during the audit, ensuring that everything ran smoothly.
A long-term partner
ISO 27001 has been achieved, but information security does not stop at certification. Heras is looking at expanding certification to other countries and wants to embed information security even further in the organization. Jelle will remain involved as external Security Officer. In addition, Fendix helps with issues surrounding access security, risk management and the security of new projects.
What began as a challenge to be certified on time has grown into a permanent improvement of the organization. Information security is now no longer a project, but an integral part of how Heras operates. And that benefits not only them, but also their customers.
In our white paper, we take you step by step through our implementation process.
.png)
