Founded in 2015, IDR is a fast-growing asset lifecycle management software company based in Helsinki, Finland. IDR’s platform is the only asset management solution that integrates procurement and recycling into the same platform. With their unique ecosystem model, IDR connects customer’s various partners and solutions into one single platform for one source of truth. IDR currently serves over 200 satisfied customers and is a trusted name in the Nordic region, enabling organizations to automate manual processes and unlock more value from their devices.
IDR prides themselves on delivering a world-class customer experience with efficient software implementation and ongoing support. As a part of their customer-centric values, they built a strong compliance program and pursued ISO 27001 Certification to showcase their commitment to safeguarding customer data.
The Challenge: Navigating regional regulations & first time ISO 27001 audit
Since IDR is based in Europe, one of their biggest security priorities is GDPR (General Data Protection Regulation) compliance. IDR has been GDPR compliant since the regulation was entered into force in May 2016, however, it has always been clear that following this regulation was not enough as the company grew. To address growing inquiries from potential enterprise clients about their security measures, IDR sought out a comprehensive solution that aligned seamlessly with its commitment to data privacy and security.
This is when CTO Matti Lehmus decided that IDR should pursue ISO 27001 Certification to demonstrate the company’s dedication to securing sensitive data. Recognizing the distinct yet complementary nature of GDPR and ISO 27001, IDR aimed to strengthen its transparency and accountability in data handling practices.
Because it was the team’s first time undergoing an ISO 27001 audit, they required an audit firm with ISO 27001 readiness assessments to identify existing gaps and set a plan that would result in a successful audit.
The Solution: Working with an experienced firm & leveraging audit management technology
After researching audit solutions online, IDR believed A-LIGN’s ISO 27001 readiness assessments and audit management software would provide great value to their certification process, and ultimately chose A-LIGN as their auditor.
The IDR team experienced an efficient and high-quality audit experience while working with A-LIGN to achieve ISO 27001 Certification. The certification process was not merely a checkbox exercise, but a strategic initiative to demonstrate the company’s dedication to security to distinguish themselves in the Nordic and European marketplace. A-LIGN’s established presence and robust understanding in European compliance regulations also provided IDR with the knowledge and security practices needed to successfully complete their certification.
The team found great value in the Kanban style approach of gathering and uploading evidence in A-SCEND, A-LIGN’s award-winning audit management software, as opposed to manually collecting evidence and discussing it with the auditor in person. Additionally, the transparency of the certification timeline with key audit deadlines highlighted on the A-SCEND dashboard kept Matti’s team informed throughout the entire audit process, saving valuable time and fostering collaborative communication.
It comes down to what kind of audit firm you can work best with, and A-LIGN seemed to fit my style of work.
Matti Lehmus, CTO
After earning their ISO 27001 Certification, IDR experienced many benefits that bolstered their overall security posture. Prior to the audit, the IDR team did not have a clear outline to document their processes. After the audit, IDR became more organized with their security processes to ensure proper documentation in the event of an emergency or security incident.
IDR expects to earn a competitive advantage as a result of their ISO 27001 Certification. IDR is a fast-growing technology company within a specialized market segment that has a limited number of competitors. Obtaining an internationally recognized security certification not only sets IDR apart from the competition, but also helps IDR speed up their sales cycle.
As IDR continues to grow and provide world-class asset lifecycle management software, they plan to continue strengthening their security program, showcasing their dedication to safeguarding customer data and complying with continuously evolving security standards.
About IDR
IDR is the only asset management solution that combines procurement, asset management, and recycling. IDR strives to automate manual processes and unlock more value from your devices.