In early December 2023, Kumina B.V. in Eindhoven received its ISO 27001:2022 certification from Brand Compliance. Kumina B.V. can now demonstrate it has its information security in order by implementing an Information Security Management System within the organization.
Information security
The scope of certification is information security related to the maintenance of software platforms. This includes development, configuration and consultancy/user training.
Tim Stoop, CEO of Kumina B.V.: “Achieving ISO 27001 certification is no mean feat. It shows our commitment to maintaining the highest standards when it comes to protecting sensitive information. With this certification, our clients can have full confidence in our ability to protect their data and maintain its confidentiality.”
About Kumina B.V.
Founded in 2007, Kumina offers managed operations services. It now mainly manages Kubernetes clusters for its clients. This allows clients to focus on their core business by outsourcing maintenance. Kubernetes is open-source software for managing applications in containers.
Its target customers are companies that market a SaaS product running on Kubernetes. Kubernetes is a complete platform consisting of many different components, all of which need to be managed separately. Companies can outsource this to Kumina, allowing them to focus on developing and deploying their own software.
Why did Kumina choose certification?
Rutger Spiertz, COO and security manager at Kumina, explains: “Because Kumina manages its clients’ core business, security has always been an important part of its services. Over the years, it has been repeatedly asked for certifications, but this has never been a breaking point. For those clients who came up with it later, it was enough to audit our services. We now believe that certification is so important in today’s IT landscape that we did not want to put it off any longer. Also, because there are now increasingly larger clients knocking on the door for whom such certification is indeed a breaking point.”
Certification by Brand Compliance
Kumina looked for a party that could provide an auditor with some knowledge of Linux. This was desirable because Kumina only uses this operating system, both on servers and on its own desktops.
The reason for choosing Kumina for Brand Compliance was that communication was pleasant and clear from the start. Also, the price was very competitive and Brand Compliance has auditors with experience with Linux.
The certification process
Tim talks about Kumina’s experience with the certification process: “We had a pleasant experience with the auditor. The auditor asked relevant questions and was able to actually assess the evidence we provided. Compared to previous audits, this was a better experience for us. We were often asked irrelevant questions and our answers could not be assessed.”
Rutger continues: “The auditor was strict, but fair. He clearly indicated where there are areas for improvement, but also what is going well. We feel that we have done our preparation thoroughly and that he was therefore satisfied. We believe that if that had not been the case, this would have been assessed strictly and in a direct manner. Our commitment has always been: we either do it well or we don’t, so the confirmation in this is nice. We were thoroughly examined and assessed fairly.”
End result
By obtaining the certificate, Kumina demonstrates that it has correctly set up its Information Security Management System (ISMS). Kumina’s method has been to rewrite everything from templates, to how work is done within the organization. A lot of time was spent on that. Kumina is pleased that its efforts have been rewarded with the ISO 27001 certificate.