Certification: ISO 27001

What is ISO 27001, and why is it important?

ISO 27001 is an international management standard on information security. The standard is a management tool that helps your company protect valuable information, including personal data, in a secure and reliable way.

Dubex is ISO 27001 certified in information security in connection with the development, delivery, and servicing of solutions and services in IT security. It is Dubex’s goal to maintain a level of information security that leads to certification according to the ISO/IEC 27001:2013 standard, as well as the preparation of an ISAE 3000 statement.

Why ISO 27001 is a must for modern businesses

With increasing cyber threats, businesses need a robust security framework to protect sensitive data. ISO 27001 helps companies manage risks, ensure compliance, and build trust with customers and partners. For industries such as finance, healthcare, and technology, certification is often a prerequisite for doing business. It also provides a competitive advantage by demonstrating a proactive approach to security and regulatory compliance.

Key elements of the ISO 27001 standard

ISO 27001 ensures organizations establish a strong Information Security Management System (ISMS) based on the following principles:

  • Risk Management: Identifying, assessing, and mitigating security threats.
  • Security Policies: Defining clear security objectives, access controls, and data protection strategies.
  • Regulatory Compliance: Meeting legal and industry-specific requirements, including GDPR.
  • Continuous Monitoring: Conducting regular security assessments, audits, and system updates.
  • Incident Response: Establishing procedures to minimize disruptions and ensure business continuity.

By implementing these principles, businesses can proactively address security challenges and maintain a resilient security posture.

The first IT security provider in Denmark with ISO 27001 certification

In 2011, Dubex became the very first IT security provider in Denmark to be ISO 27001 certified in IT security and thus the first security provider to be able to document its own IT security. In connection with the re-certification in 2014, Dubex was the first Danish company to undergo the ISO 27001:2013 certification process.

A legacy of leadership in cybersecurity

Since its founding, Dubex has led the way in strengthening cybersecurity in Denmark. As the first Danish IT security provider to achieve ISO 27001 certification, Dubex set new standards for information security management. This milestone showcased Dubex’s commitment to best practices and influenced the industry’s approach to cybersecurity governance.

Over the years, Dubex has reinforced national cybersecurity resilience by advising organizations, contributing to regulatory discussions, and continuously refining security strategies. Its leadership in security frameworks and risk management has established Dubex as a trusted partner for businesses seeking advanced protection against evolving cyber threats.

Milestones in ISO certification

Dubex’s dedication to maintaining the highest security standards is reflected in its ongoing certification journey:

  • 2011 – First IT security provider in Denmark to achieve ISO 27001 certification, demonstrating adherence to best practices in information security.
  • 2014 – First Danish company to complete the ISO 27001:2013 certification process, ensuring compliance with updated global security standards.
  • 2020 – Introduction of annual ISAE 3000 audits for all primary services, enhancing Dubex’s compliance documentation and risk management.
  • 2022 – Reaffirmation of ISO 27001 certification, reinforcing Dubex’s position as a leader in information security and strengthening trust with customers and partners.

By continuously adapting to new cybersecurity challenges and upholding rigorous security standards, Dubex provides clients with cutting-edge solutions that align with international benchmarks.

Information security in practice

Dubex’s information security management system (ISMS) sets the framework for how we secure internal and external information through established operational procedures and instructions covering placement of responsibility, guidelines, risk assessment, and contingency plans.

Dubex’s ISMS is based on:

  • Compliance with the international standard ISO/IEC 27001 and the selected management objectives and measures from the ISO/IEC 27002 standard.
  • All relevant rules, legal requirements, guidelines, and contracts within Dubex’s business area, personal data legislation, the Sale of Goods Act, government requirements, and labor market agreements.
  • Common methods and procedures for information security.
  • Read our ISMS and information security policy here (in Danish)

Scope: Information security in connection with the development, delivery, and servicing of solutions and services within IT security in accordance with the Statement of Applicability, dated May 18th, 2022.

What is ISMS and how does it benefit businesses?

An Information Security Management System (ISMS) is a structured framework that helps organizations identify, assess, and mitigate security risks. It ensures compliance with standards like ISO/IEC 27001, protecting sensitive data and enhancing resilience against cyber threats.

Dubex’s ISMS goes beyond compliance—it strengthens daily security operations by providing:

  • Proactive risk management – Identifies and mitigates threats before they escalate.
  • Regulatory compliance – Ensures adherence to ISO 27001, GDPR, and industry regulations.
  • Operational security – Implements structured policies to safeguard business and customer data.
  • Incident response readiness – Enables swift action to minimize breaches and downtime.
  • Enhanced trust – Demonstrates commitment to best practices in cybersecurity.

With a robust ISMS in place, Dubex ensures that businesses stay secure, compliant, and resilient in an evolving threat landscape.

Dubex ensures:

  • Availability
    Dubex’s business systems are available 24/7. We maintain a level of preparedness that ensures that normal operation of critical business systems can be re-established as agreed in the relevant SLAs.
  • Integrity
    Reliable and correct operation of the information systems is achieved with minimized risk of incorrect data, e.g., as a result of human and system errors or external events.
  • Confidentiality
    Dubex’s data, and the customers’ data in Dubex’s custody, are kept confidential by using classification, encryption, and access control. Data is available only to individuals as the classification prescribes.

Roles and responsibilities in information security

Ensuring strong information security requires clear roles and responsibilities. As CTO at Dubex, Jacob Herbst is responsible for managing daily security operations, ensuring compliance with ISO 27001 standards and industry best practices. The security team is responsible for monitoring, assessing, and responding to potential threats, while all employees play a crucial role in maintaining security by adhering to policies and reporting any suspicious activity.

Continuous monitoring and improvement

Dubex ensures strong security through continuous monitoring and assessment. Security incidents are logged, analyzed, and addressed to prevent recurrence. Regular risk assessments identify vulnerabilities, while employee training keeps security awareness high. Management reviews policies annually to align with industry best practices, ensuring a proactive defense against evolving threats.

Dubex is ISO 27001 certified – the entire company and all our services

Dubex has been ISO 27001 certified for 11 years in information security in connection with the development, delivery, and servicing of solutions and services in IT security. We are thus a security provider able to prove control of IT security, both internally and in relation to our external services.

The level of security is determined in relation to individual cases, completion of work, and financial resources. In addition to a high level of security, an appropriate and user-friendly use of IT is desired, recognizing that our security consultants have different needs in their daily work than the more administrative or sales-oriented employees.

Dubex ensures that employees are informed about the ISMS, its policies, procedures, and instructions, as well as their responsibility with regard to the company’s information and systems.

Third-party audits: Why they matter

Independent audits verify Dubex’s compliance with ISO 27001 and industry standards. These evaluations strengthen security controls, highlight areas for improvement, and build trust with clients by ensuring transparency and accountability. Regular third-party assessments keep Dubex’s security framework robust and up to date.

Placement of responsibility at Dubex

The responsibility for the day-to-day management of Dubex’s information security lies with CTO Jacob Herbst.

If an employee detects or suspects threats or breaches of information security, he or she must immediately notify the security officer. Employees who violate Dubex’s information security policies, procedures, and instructions will be subject to the provisions described in Dubex’s procedures and personnel policy.

Follow-up

Dubex measures, assesses and monitors the information security area as follows:

  • Ongoing unique registration and follow-up on security incidents.
  • Ongoing registration of initiatives.
  • Follow-up on the knowledge level in Dubex.
  • Risk assessments are carried out in the event of major changes and at least once a year.
  • Independent third-party audits and evaluations are conducted.
  • Management reviews and re-evaluates the ISMS and information security policy based on the above at least once a year.

Based on this, the management reviews and re-evaluates the ISMS and information security policy once a year, as well as in the event of major changes.

Does your business need ISO 27001 security?

Learn more about how Dubex can help your company achieve stronger information security. Contact us for advice and guidance on ISO 27001 certification.

How to get started with Dubex

Achieving ISO 27001 compliance can seem complex, but Dubex makes the process straightforward. Here’s how businesses can partner with us:

  1. Consultation – We assess your current security posture and discuss your needs.
  2. Gap analysis – Our experts identify areas that need improvement for ISO 27001 compliance.
  3. Implementation – We help establish policies, risk management processes, and technical controls.
  4. Certification support – Dubex guides you through audits and certification requirements.

With our expertise, your business can strengthen its security framework efficiently and effectively.

What can Dubex do for you?

Dubex offers end-to-end support for companies aiming to enhance their security:

  • Expert guidance – Navigating ISO 27001 requirements with a dedicated team.
  • Customized security solutions – Tailored risk management, compliance, and governance support.
  • Continuous monitoring – Ongoing security assessments to maintain compliance and mitigate threats.

Approval

This policy was last approved by Dubex’s Board of Directors on May 7th, 2024.

About Dubex

Dubex is a market-leading cyber security partner, supporting 500+ locations worldwide.

Since 1997, we have helped companies and public institutions manage risk, adapt to change, and grow more flexibly. With deep industry and technical expertise, a comprehensive product portfolio, and a proven track record, Dubex is the ideal partner for IT teams who want to contribute to their company’s success.

Dubex is today a full-service IT security company, helping with security products, governance, processes, implementation, analysis, operational support, full operation of our customers’ solutions and more. We also offer a wide range of security services, including penetration testing, monitoring and security incident management.
