Ryan E. Day


Brightstarr Bolsters Data Security Confidence With ISO/IEC 27001 Certification

Company culture and commitment make it happen

Published: Wednesday, May 9, 2018 - 12:03

Unily is a digital workplace platform designed by BrightStarr to improve engagement, productivity, and efficiency for global enterprises. It is delivered as a SaaS solution, that is, served from the cloud. With more than a million users, including the likes of Shell, Hershey’s, Microsoft, and many other leading brands, information security is therefore of the utmost importance for BrightStarr.

Quality Digest recently had the opportunity to speak with Sam Hassani, chief technology officer at BrightStarr, to discuss his company’s challenges and opportunities in securing its recent ISO/IEC 27001:2013 certification. ISO/IEC 27001:2013 is an internationally recognized security standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within an organization. It also includes requirements for the assessment and treatment of information security risks.

Quality Digest: BrightStarr recently obtained ISO/IEC 27001:2013 certification. Can you share some insight as to why this certification was important to the company?

Sam Hassani: Our clients trust us to adhere to best practices in information security management. Achieving this certification assures our customers that their data and information are always a top priority and not just rhetoric. We’re a leader in driving digital transformation, and we’re pleased to help our customers realize the benefits that they can achieve by working with a company that adheres to the highest security standards available.

QD: What was the process of pursuing a certification like?

SH: Obtaining certification was the final stage in formalizing the best practices and security standards that BrightStarr has worked to achieve since its inception. Pursuing certification requires an extensive understanding of the required standards and then aligning processes, policies, and procedures to meet them. It also requires formalizing responsibility and accountability across the company, so that everyone thinks and acts in line with these best practices every single day. From our experience, it’s not only adhering to processes and procedures; it’s also about creating a corporate culture that instills this thinking at its core.

QD: What kind of challenges did BrightStarr run into along the way?

SH: One of the biggest challenges is that BrightStarr operates on a global scale. ISO/IEC 27001:2013 certification covers a broad range of areas, some of which are function-based around how we govern client information within Unily itself, while others are more focused on local operating procedures. Because BrightStarr operates in all corners of the globe, it is of the utmost importance to ensure that each aspect of our business is aligned to manage what can be deemed as localized functions, such as human resources and recruitment. That said, successfully operating as a global business is a challenge BrightStarr learned to manage during its infancy, as well as its expansion into the United States—this challenge has transformed into one of its greatest strengths.

QD: What are the benefits of certifying to an ISO standard?

SH: The certification gives our customers confidence that maintaining the security of their data and information is always our top priority. It provides this assurance without our clients having to scrutinize our intricate operating procedures. It helps them understand that we operate at an expected level when it comes to information security management, and that we’re continually striving to improve upon that standard. Of course, we welcome our clients and prospective clients to explore our information security management procedures. We ensure that they’re at the level of detail required to address the requirements of the ISO/IEC 27001 certification.

QD: Should brands feel comfortable working with a company that hasn’t achieved certification?

SH: As we transition into a world where cloud-based software providers host or handle client data on a regular basis, it’s important for brands to be able to trust that their provider is operating in line with known standards. Although many will be aligned to best practices and specific security standards, obtaining and maintaining certification provides the required evidence that the cloud-based provider has confidence in its information security management processes and procedures. In turn, this gives brands the level of assurance they expect.

QD: Why are security standards so critically important to SaaS companies?

SH: We work with some of the largest enterprises in the world, so the security of their data is of paramount importance. We need to give our customers the confidence that they can trust us to keep their data safe, leaving them to get on with the work that drives value for their business.

QD: Are there any other certifications that BrightStarr will seek out in the future? If so, can you please elaborate?

SH: In parallel to obtaining ISO/IEC 27001:2013 certification, BrightStarr has worked to ensure that it is GDPR compliant [the European Union’s General Data Protection Regulation]. GDPR regulation goes into effect May 23, 2018, and BrightStarr is ready. GDPR not only impacts organizations that reside within the EU, but also any organization that has employees that are EU citizens. BrightStarr prides itself on prioritizing security for our clients. We will continue to assess, obtain, and maintain relevant security certifications.


About The Author


Ryan E. Day

Ryan E. Day is a Quality Digest contributing editor and principal administrator of the company’s content marketing program, which brings together those seeking business improvement solutions and solution providers. Day has spent the last seven years researching and interviewing top business leaders and continuous improvement experts, including Sakor, Ford, Merchandize Liquidators, Olympus, 3D Systems, Hexagon Intertek, InfinityQS, Johnson Controls, FARO, and Eckel Industries. When not developing engaging and informative content, Day might be found polishing his HTML and CSS skills, or hanging out with his 20 lb American Tabby cat.