Well, We Did It: TICGAL is ISO 27001 Certified! We’ve officially earned our ISO/IEC 27001:2022 certification! For those who aren’t familiar, that’s the international gold standard for managing information security. It’s a pretty big deal, and to be honest, we’re really proud.

And we did it our way. In line with our whole Local Roots, Global Reach IT philosophy, our entire Information Security Management System (ISMS) is written in Galician. It’s a small detail, but it’s important to us. It’s a reminder of who we are, even as we compete on a global stage.

The “Gentle Suggestion” from Our Big Friends

So, why go through this whole intense process? Let’s be honest. As a small company, you don’t just wake up one day and decide to tackle a massive certification for the fun of it (Disclaimer: It’s not fun). The reality is, our clients were a huge motivator.

When you have the opportunity to work with large clients, they have certain expectations. Security isn’t just a suggestion; it’s a fundamental requirement. You can’t just promise you’re secure; you have to prove it. Their high standards gave us the push we needed to go from “we should probably do this” to “we are doing this now.” And for that, we’re genuinely thankful. Although it was challenging, it ultimately helped us significantly improve the security of our operations.

It’s a Rudder Shift, not just a Binder on the Shelf

Anyone who thinks ISO 27001 is just about writing a bunch of documents has missed the point. You can’t just buy security. The certificate on the wall is nice, but the real change is in our culture.

It’s about turning security into a reflex, not a chore. We started this journey last year, and it’s been eye-opening. We had to rethink everything. Things that might have been okay before are now completely out of the question. Remember, just plugging in any old USB stick? Password-based SSH login as root? How about adopting a new service that wasn’t integrated with our secure login, or at least didn’t have 2FA? Yeah, those days are over. It’s about being mindful of the data we handle, locking our screens religiously, and thinking twice before clicking a link. It’s a collective mindset shift, and every single person on the team has stepped up.

Again, not a walk in the park; a lot of tension has arisen, investments have been made, and even the bad guys are always out there doing what they do.

Since I’m always thinking about business, I’ve come up with a few ideas to monetise the process. Our needs are pretty similar to yours, so you can expect some interesting and actionable security updates from us soon. We’re talking real solutions, not just promises.

 

This Isn’t the Finish Line

Achieving this certification feels great, but we see it as a starting point, not a finish line. The goal isn’t just to keep the certification; it’s to use it as a foundation to build on. It’s proof that our capabilities are growing, and our ambition is growing right along with them.

We’ve already started looking at what’s next. This is just one step on a long road of continuous improvement. We’re committed to this path, to our clients, and to proving that a small Galician company can deliver world-class, secure IT.

Ad infinitum et ultra.