Riboldi: “Having IRAM’s endorsement made it easier for us to rapidly achieve the expected result.”

BairesDEV is a leading software development company that guides the digital transformation of some of the most recognized companies in the world. We interviewed its IT Manager & CISO, Pablo Riboldi, so that he could share his experience in the different stages of this process.

-You recently achieved the certification of your information security management system (IRAM-ISO 27001). What problems did you have before contacting us?

–BairesDev is a technology company with a 100% digital spirit. As our services require handling customers’ information, security is a core competency, both internally and externally. For some time now, we have had a specific Security sub-area that coordinates the efforts of all IT in this discipline. It also assists in organizing related training for all employees. At the end of last year, several accounts asked us to certify ISO 27001 in order to comply with very strict requirements, and we noticed that customers were showing more and more interest in the security of our practices. In addition to this, in the current context we are going through, we noticed an increase in the number of different types of incursion attempts. For this reason, our support teams are increasing controls and preventive actions. Having a formal framework in the management system simplifies management and support teams’ tasks.

-We noticed that you use a work methodology related to team building and Design Thinking. Could you tell us briefly what it consists of, and what are the benefits that this certification provides you internally and externally (with customers and value chain)?

–BairesDev relies on teams that are distributed for the execution of its projects. This implies having collaborators in different locations working together and remotely in a modality called “smart working”. In this regard, the certification of information security management systems allows us to ensure confidentiality, integrity and the appropriate level of access to highly sensitive information within the framework of decentralized work. This dynamics provides us with the necessary security to protect our customers’ intellectual property and private data, and also helps us protect the company’s internal processes in an efficient manner.

-Customers area priority to us. We are very proud to see them achieve their objectives and demonstrate results. Could you tell us how we helped you and why you chose us to carry out this process?

-We rely on IRAM’s experience to detect our shortcomings early and help us achieve certification in the shortest possible time. Having the endorsement of an organization such as IRAM, jointly with Andersen, made it easier for us to achieve the expected result very quickly. On the recommendation of our advisor, Hugo Andersen, we asked IRAM for a pre-audit, which allowed us to detect all the deficiencies in our safety system early on and to plan the adjustments to be made in a very short time. Thanks to all the auditors’ remarks, we got to know the actual status of our practice, dedicating the necessary efforts and resources to comply with the requirements of the standard. We approached the first audit with many points resolved and some to be improved. By the second audit, all essential and non-essential points had been addressed objectively and critically. This allowed us to obtain certification in a very straightforward manner, only to find opportunities for improvement. I believe that the experience of the auditors was a decisive factor in achieving the objectives in the short time available. We appreciate their and the whole organization’s contribution.