Sofico Stories



To set up our information security management system (ISMS), we followed the best practices described by ISO 27001, the international standard for ISMS.

After more than 1 year of preparation, independent ISO auditors came, saw and … approved!

ISO 27001 takes a risk-based approach to information security:

  • Identify information security risks
  • Apply suitable controls to mitigate them

Our ISO/IEC 27001:2013 certification offers you guarantees about the controls applied by Sofico. You can learn more about these controls in the ISO 27001 section of our website.

What is ISO 27001?

ISO/IEC 27001 is a widely known standard that provides requirements for an information security management system (ISMS). It is one of more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

ISO 27001 Explained

As part of the internal learning program around ISO 27001, Sofico developed 12 explainer videos that explore the ISO 27001 controls.

Below you can already watch four of them. The other videos can be found here.

Video 1

Video 2

Video 3

Video 4