Information security

Två händer håller i urklippta papperspersoner

Information security

Our journey to ISO 27001: why we took the step and what it means for us and our customers
As a fast-growing company, we recognised the need to work in an even more structured way with information security, both for the sake of our business and for the safety of our customers. In a world where cyber threats, data breaches and increased demands on suppliers are becoming more common, we need to be one step ahead. That is why we chose to certify ourselves (see our certificate in information security) according to ISO 27001. Contact us at if you are interested in seeing our information security policy.

Why ISO 27001?

There are three reasons behind the certification:

  • Our rapid growth... As our business grows, so does its complexity. We wanted to ensure that our ways of working, processes and procedures follow a clear and sustainable structure no matter how fast we evolve.
  • A changing environment Information security has become a business-critical issue. Organisations increasingly need to demonstrate that they are managing information in a secure, risk-based and controlled manner and we wanted to proactively meet these requirements.
  • Increased security for our customers More and more companies are making demands on their suppliers. With ISO 27001 certification, we can clearly demonstrate that we are working systematically and long-term on information security.

Iso certifikat 27001 informationssäkerhet

How we built our management system without creating a “paper monster”

When we started this work, an important starting point was that our management system had to work in practice. It should not be a theoretical framework that ends up on the shelf, but a living support in our daily lives.

We therefore set up a working group made up of staff from different parts of the organisation. The broad mix of roles, perspectives and experiences became one of our greatest strengths. Together, we analysed what we already had in place and realised quite quickly that much of our way of working was already in line with the requirements of the standard.

The work also involved many long afternoons, many experiments that had to be redone and more than one occasion when, after intensive discussion, we were absolutely sure that we had understood - only to realise a little while later that we had probably not understood anything at all. But the process gave us many useful experiences and the joint commitment made the work both meaningful and developing.

We focused on

  • Building on what already worked
  • Adapting processes to reality, not the other way round
  • Create clarity without creating too much extra administration
  • Ensuring that the solutions worked for all parts of the organisation

The result is a management system that is easy to understand, simple to work with and clearly integrated into our existing procedures. When we built the system, we started from a simple principle: it should be easy to do the right thing. That's why we created processes that work in practice, not just in theory.

Awareness and engagement

What makes certification possible is not the documents themselves, but the people who put them into practice every day.
To involve the whole organisation, we have been actively working on:

  • Training for all employees
  • Workshops to understand the standard and put it into practice
  • Weekly challenges to strengthen behaviours, awareness and risk-based thinking
  • Everyday improvement work where everyone was encouraged to raise risks, improvements and ideas

By involving both management and employees from the start, we achieved broad support and a strong commitment that has driven the work forward.

What does the result mean?

The fact that we are now certified means several concrete benefits both for us as a business and for our customers:

  • A structured and well-functioning information security programme that complies with international standards.
  • Increased security for our customers who can trust how we handle their information.
  • Clear procedures and improved working methods internally, strengthening quality and efficiency.
  • A business that is well equipped to meet both our own and our customers' future demands for safety and quality.
  • A systematic approach that continues to evolve with each follow-up, improvement proposal and internal audit.

ISO 27001 is the basis for how we work going forward. The certificate shows that our structures are sound and that we are building on them with the same commitment.

Read more about our other programmes certifications.

Säkert valv med många lås som symboliserar informationssäkerheten på rely it