Nicole, CISO

At Soverin, we’ve believed in safe, reliable, and responsible services since the very beginning. These values have always shaped the way we operate, but in December 2024, we decided to take a significant step forward: to not just live by these principles, but to have them formally validated.

Together with our trusted partner Kwinzo, we embarked on an ambitious project to achieve certification for ISO 27001 (Information Security), ISO 9001 (Quality Management), and ISO 14001 (Environmental Management). In addition, we set out to align with NEN 7510 (Healthcare Information Security) and prepare for the evolving demands of the NIS2 Directive.

Choosing to pursue all three ISO certifications at once wasn’t just about ticking boxes. It was a conscious decision — to strengthen the trust that our customers place in us, to hold ourselves accountable at every level, and to future-proof our organization as we continue to grow.

A Solid Start: Risk Analysis as the Foundation

From the very first kick-off session, it was clear that this project would be much more than filling out templates. Our first group risk analysis session immediately surfaced an insightful list of risks and opportunities.

This exercise helped us prioritize improvement projects right from day one. It also revealed something even more important: the genuine engagement from everyone involved. This wasn’t about external pressure; it was about reinforcing the way we already worked, and making it even better.

ISO 27001, 14001 & 9001 certified and NIS2 compliant.

One Integrated Management System: Efficiency and Clarity

Thanks to Kwinzo’s flexible methodology, we were able to build an Integrated Management System (IMS) that brings together our Information Security Management System (ISMS), Quality Management System (QMS), and Environmental Management System (EMS) into one coherent structure.

Rather than managing separate systems, we developed a single set of consistent documents and processes — designed not just for compliance, but to truly reflect and strengthen the way we work at Soverin.

Our weekly working sessions weren’t just about ticking off requirements; they became an opportunity to capture the essence of our operations and to continuously find ways to improve.

Inventory Insights: Small Details, Big Impact

As we built out our ISMS, we conducted a detailed inventory of our IT landscape and organization. One eye-opening finding was that, in some cases, only a single administrator had been assigned to certain (non-core) tools. Our strict focus on least privilege in the past had unintentionally created a resilience gap.

We carefully restructured our access model, ensuring that every application now has a designated backup administrator. A small but significant change that immediately made Soverin even more resilient.

From Heads to Structure: Documenting Our Processes

When working through the QMS, we discovered that while many of our processes existed, they often lived primarily in the minds of our team members. Choosing the right way to document these processes wasn’t always straightforward. Sometimes a flowchart said more than a page of text. Using our custom-built process templates, we captured over 42 key processes — structured, accessible, and ready to support both new and existing team members.

The Final Stretch: Preparing for the Audit

As the audit approached, the final weeks demanded perseverance. There were evenings and weekends spent refining details and cross-checking documentation.

And it paid off:

  • Zero non-conformities

  • Only a few valuable recommendations for further improvement

This wasn’t just a certification milestone. It was validation that what we have been doing at Soverin for years already meets — and often exceeds — the highest international standards for security, quality, and sustainability.

Proud of the Team, Ready for the Future

I couldn’t be prouder of the entire Soverin team. In just four months, we built a fully operational Integrated Management System, completed extensive documentation, and passed the external audits with flying colors.

Achieving these certifications is a major milestone. But more importantly, it’s an endorsement of the way we work every day — with care, rigor, and a long-term vision.

Personally, I’m excited to build on this strong foundation to further strengthen our services, our internal resilience, and our positive impact on the world around us. This is just the beginning.

Committed to a Safe, High-Quality, and Sustainable Future

Our Integrated Management System ensures we continue to improve — not because we have to, but because we believe our customers, our colleagues, and our planet deserve nothing less.

Would you like to learn more about how we approach information security, quality, and sustainability at Soverin?

Or are you curious what a certification journey looks like behind the scenes?

We’re happy to share our experiences — just reach out!