IT environments today are constantly bombarded with cyber and ransomware attacks. All organizations are vulnerable to these attacks, and every organization has vulnerabilities in its IT protection plan. While nothing can guarantee 100% protection, Quest can make one claim that many others cannot: we are ISO 27001 certified.
ISO 27001 is the only auditable international standard that defines the requirements of an Information Security Management System (ISMS). An ISMS is a system of processes, technology and people that assist companies in protecting and managing all the organization’s information through effective risk management.
By achieving ISO 27001 compliance, Quest demonstrates to potential clients and partners that we take information security very seriously.
An accreditation also:
Becoming ISO 27001 certified was a year-long journey for Quest. The standard itself has 10 clauses that outline requirements for conformity with the standard as well as 14 objectives comprising 114 controls - that’s a lot to be tested on. Quest had to address, document, and implement all of the clauses, objectives, and controls to show our compliance.
“The first 4 months were comprised of researching the requirements, review of Quest’s systems, and documentation of the ISMS. The next 4 months concentrated on implementation of the ISMS. After that we performed an internal audit to identify any weaknesses and opportunities for improvement,” says Quest Project and Development Manager, Raymond Pineda.
The internal audit resulted in 40 items identified as areas of improvement; the next month was spent addressing those items and improving Quest’s ISMS.
The external audit, a 9-day assessment in which all of Quest’s documentation and procedures were reviewed, was conducted at the beginning of November 2022. The auditor conducted interviews with the IT and HR departments as well as senior management to ensure that the teams supporting the ISMS were fully committed to the standards.
Quest passed the Phase 2 Audit with NO nonconformities, meaning all of Quest’s ISMS passed with flying colors.
“Passing the Phase 2 audit the first time with no nonconformities was a huge success for us. It was a confirmation of the commitment and hard work put in by the entire team and management over the course of the last year,” says Pineda.
Now that Quest has achieved ISO 27001 certification, Quest is also committed to continual improvement of the ISMS, a commitment that we are happy to make.
If you are looking for an ISO 27001 accredited partner, please contact us and we will talk about what Quest can do for you. Read more about our commitment to cybersecurity here.