Since 2008, the management system of the Pentalog group has been audited according to the ISO 9001 – Quality standard. In 2021, we finally extended the scope of our certification to the ISO 27001 – Information Security standard.
The objective of this initial ISO 27001 certification was to guarantee to our clients, collaborators, and shareholders that the Pentalog group’s internal services (human resources, information system, sales) comply with the applicable legislation and the international standards for information security.
Risk assessment, confidentiality, property, sub-contracting, sensitive and personal data processing are some of the topics which have been systematically verified within all our activities, specifically sales, human resources management, IT activities, and Client delivery.
Security of workstations and networks, especially now that we’re all working remotely in a sustainable way, access provisioning and decommissioning, logical security, licensing, Secure Development Life Cycle (SDLC) and vulnerability assessment have also been deeply investigated.
Though almost all meetings were held remotely due to the health situation, the Bucharest delivery center was subject to a physical audit, to check the security of buildings and of human resources (access control, networks, fire safety, …).
Once again, Pentalog teams demonstrated their involvement, know-how, professionalism, and mastery of the client projects and missions they handle, for complete client satisfaction.
The auditors, Mr. Ionescu and Mr. Aciu, concluded: “the Pentalog group has a high level of maturity of the quality management system”, underlined “a direct and increased involvement from the process managers in the management of the activities according to the group’s procedures”, and also recommended the Pentalog group for ISO 27001 certification.
In relation with our growth strategy, relying on our new Skillvalue Insight framework, our certificate will now explicitly cover our skills assessment process. More particularly, auditors concluded “the evaluations of the technical staff are at a high level of performance (e.g., Hard core tests, evaluations according to the Dreyfus methodology)”.
For our involvement in local communities, and our determination to create a positive technology impact, auditors also set as a strong point the PentaStagiu project we are involved in, through which free trainings are being provided for 700 students from the universities in Iasi, Romania.
Of course, auditors also formalized a list of recommendations for us to improve, but no non-conformity has been raised – a very valuable situation!
A very big thanks to all the teams who got involved and contributed to this new ISO 27001 certification – and ISO 9001 confirmation: IT teams (infrastructure, internal software, security, technology, quality), HR teams (recruitment and assessment, legal, people management, training) and to all the project teams from Orléans, Lyon, Cluj, Bucharest, Iasi and Brasov (the locations that were audited this year) as well as to all the involved people from our other locations (Frankfurt, Guadalajara, New-York, Paris, Chisinau or Hanoi). Congratulations!!!