Contesta's ISO 27001 confirms its compliance with the highest standards of information security

Contesta secured this ISO 27001 certification in order to assure its stakeholders of strict compliance with information security legislation. This is a clear recognition of the company's ongoing process of improvement.

Operational fluidity and high-level specialisation are the decisive factors in gaining the trust of large companies in the increasingly complex world of contact centres. Contesta delivers its customer relationship services to a portfolio of large companies by leveraging competitive advantages such as an optimised structure, customised processes designed in detail, and technology as an ally to offer its customers an omnichannel service tailored to their needs.

This is done without losing sight of the risk management approach embraced by the entire group. Contesta's Managing Director José Luis Moral says that the company's strengths include "a focus on security, something we share with the Prosegur group, and a high capacity to adapt and respond to the technological challenges of the 21st century, together with regulatory and legislative developments, which are becoming ever more demanding".

 

When you safeguard information, you shield yourself

Contesta successfully passed the SGS audit a year ago, thus securing the certificate of compliance with the requirements of the Information Security Management System under standard UNE EN ISO/IEC 27001:2017. Company information, data on a company's activity and the personal data of its customers are today among the most precious assets and the most difficult to protect. They are one of the pillars of the business and, as such, they are targets for theft and sabotage, because they can be used for extortion against the company or sold to third parties for profit. It is essential to bear in mind that even if a company has all the available safeguards in place, a security breach could jeopardise its reputation and even its future.

The ISO 27001 certification is internationally recognised as the hallmark of a high level of capability and quality in information security management. Beyond its absolute value, however, there are varying degrees of merit in how this certification is secured. José Luis Moral points out that, both because of the business vision and the synergy with Prosegur, before attaining this certification, Contesta was already implementing the highest level of hybrid physical and cybernetic shielding for telecommunications, infrastructures, computer systems, information repositories and databases, which in turn passed exhaustive annual audits carried out by external specialists and on behalf of our most IT security-conscious customers in the banking, insurance and utilities sectors.

The foundations were therefore well laid for "a record-setting, swift implementation of the Information Security Management System (ISMS) in accordance with the legislation", explains Sergio Rodríguez, Technology Director, "with a level of consolidation and maturity that has earned us compliments in the audits".

 

A matter of scope and self-demand

The single most important indicator in the field of certification is the scope of certification, or, in other words, how demanding the company itself is in determining the activities to be certified, and where the activities are carried out within the company. "You can define a minimum scope," specifies José Luis Moral, "you can stick to a territory, a location and an activity, and if you meet the requirements, you get the certification. Right from the start of the project to secure this certificate, Contesta assumed that the project's scope would be as broad as possible: we certified our entire organisation for all our activities, all our customers and all our workplaces and data processing facilities".

This certification project's success reflects the efforts and commitment of all our employees. Our commitment to customer service and to satisfying all our customers' needs means protecting them from the risks involved in mismanaging the information we handle about them. "Every single one of Contesta's more than 1,200 employees is aware, trained and educated to follow the standards, policies, protocols and obligations required by the standard. The certification is an umbrella to protect our customers and employees because they know at all times what to do, what the best practices are at all times and what risks are involved in the event of non-compliance with these guidelines", adds Moral.


The way to continuous perfection

The proliferation of technological risks and their ever-changing nature explain the need for a standard model that evolves alongside these constant changes, or even anticipates them whenever possible. The certification model is adaptive and requires annual audits and certifications in which the system is reviewed and the certificate is renewed if the ISMS has adapted to the new risks and realities of a changing environment. Contesta has just renewed certification after a first year of operation.

Preventive culture is in Contesta's DNA. Earning the ISO 27001 certificate is only the beginning, a starting point; the important thing is to maintain the ISMS and to improve its implementation. It is therefore essential to adopt a continuous improvement methodology that allows for the execution, measurement, auditing, correction and implementation of process improvements. The company recognises the need to persevere in updating protocols and improving the systems involved, with new versions every year and double audits to check their optimal functioning.

ISO 27001 certification is the most comprehensive, complex and difficult to obtain in the field of information security. While for some it is a goal, Contesta sees it as the starting point to persevere in pursuing additional, more specific certifications, such as ISO 9001, which defines the quality management system; ISO 22301, which certifies the business continuity management processes; ISO 31001 for risk management; and ISO 14001 for environmental management, to name but a few. "When the entire organisation is so focused on providing high-quality and high-value services, adding new certifications is easier, makes us much more robust, predictable, reliable and competitive in our niche market", concludes Contesta's Managing Director.