Featured Product
This Week in Quality Digest Live
Management Features
Jennifer V. Miller
Don’t write your company off just yet
Harry Hertz
Right now, organizations have a unique opportunity to reconsider their work environment
Narayan Pant
It doesn’t have to be lonely at the top
Steve Calechman
How to do well and do good at the same time
Megan Wallin-Kerth
MasterControl’s Matt Lowe talks competition, data, and what quality does for a company

More Features

Management News
New e-book on quality system management now available for pre-order
Provides opportunities to deepen leadership capabilities
A cybersecurity expert offers guidance
Former service partner provides honing and deep-hole drilling solutions
Connects people and processes across functional silos with a digital thread for innovation
Better manufacturing processes require three main strategies
Technical vs. natural language processing

More News

Ryan E. Day


Brightstarr Bolsters Data Security Confidence With ISO/IEC 27001 Certification

Company culture and commitment make it happen

Published: Wednesday, May 9, 2018 - 12:03

Unily is a leading digital workplace platform designed by BrightStarr to improve engagement, productivity, and efficiency for global enterprises. Unily is also a SaaS solution. That is, it’s served up via the cloud. Meaning that—with more than a million users, including the likes of Shell, Hershey’s, Microsoft, and many other leading brands—information security is of utmost importance for BrightStarr.

Quality Digest recently had the opportunity to speak with Sam Hassani, chief technology officer at BrightStarr, to discuss his company’s challenges and opportunities in securing its recent ISO/IEC 27001:2013 certification. ISO/IEC 27001:2013 is an internationally recognized security standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within an organization. It also includes requirements for the assessment and treatment of information security risks.

Quality Digest: BrightStarr recently obtained ISO/IEC 27001:2013 certification. Can you share some insight as to why this certification was important to the company?

Sam Hassani: Our clients trust us to adhere to best practices in information security management. Achieving this certification assures our customers that their data and information is always a top priority and not just rhetoric. We’re a leader in driving digital transformation, and we’re pleased to help our customers realize the benefits that they can achieve by working with a company that adheres to the highest security standards available.

QD: What was the process of pursuing a certification like?

SH: Obtaining certification was the final stage in formalizing the best practices and security standards that BrightStarr has worked to achieve since its inception. Pursuing certification requires an extensive understanding of the required standards and then aligning processes, policies, and procedures to meet them. It also requires formalizing responsibility and accountability across the company, so that everyone thinks and acts in line with these best practices every single day. From our experience, it’s not only adhering to processes and procedures; it’s also about creating a corporate culture that instills this thinking at its core.

QD: What kind of challenges did BrightStarr run into along the way?

SH: One of the biggest challenges is that BrightStarr operates on a global scale. ISO/IEC 27001:2013 certification covers a broad range of areas, some of which are function-based around how we govern client information within Unily itself, while others are more focused on local operating procedures. Because BrightStarr operates in all corners of the globe, it is of the utmost importance to ensure that each aspect of our business is aligned to manage what can be deemed as localized functions, such as human resources and recruitment. That said, successfully operating as a global business is a challenge BrightStarr learned to manage during its infancy, as well as its expansion into the United States—this challenge has transformed into one of its greatest strengths.

QD: What are the benefits of certifying to an ISO standard?

SH: The certification gives our customers confidence that maintaining the security of their data and information is always our top priority. It provides this assurance without our clients having to scrutinize our intricate operating procedures. It helps them understand that we operate at an expected level when it comes to information security management, and that we’re continually striving to improve upon that standard. Of course, we welcome our clients and prospective clients to explore our information security management procedures. We ensure that they’re at the level of detail required to address the requirements of the ISO/IEC 27001 certification.

QD: Should brands feel comfortable working with a company that hasn’t achieved certification?

SH: As we transition into a world where cloud-based software providers host or handle client data on a regular basis, it’s important for brands to be able to trust that their provider is operating in line with known standards. Although many will be aligned to best practices and specific security standards, obtaining and maintaining certification provides the required evidence that the cloud-based provider has confidence in its information security management processes and procedures. In turn, this gives brands the level of assurance they expect.

QD: Why are security standards so critically important to SaaS companies?

SH: We work with some of the largest enterprises in the world, so the security of their data is of paramount importance. We need to give our customers the confidence that they can trust us to keep their data safe, leaving them to get on with the work that drives value for their business.

QD: Are there any other certifications that BrightStarr will seek out in the future? If so, can you please elaborate?”

SH: In parallel to obtaining ISO/IEC 27001:2013 certification, BrightStarr has worked to ensure that it is GDPR compliant [the European Union’s General Data Protection Regulation]. GDPR regulation goes into effect May 23, 2018, and BrightStarr is ready. GDPR not only impacts organizations that reside within the EU, but also any organization that has employees that are EU citizens. BrightStarr prides itself on prioritizing security for our clients. We will continue to assess, obtain, and maintain relevant security certifications.


About The Author

Ryan E. Day’s picture

Ryan E. Day

Ryan E. Day is Quality Digest’s project manager and senior editor for solution-based reporting, which brings together those seeking business improvement solutions and solution providers. Day has spent the last decade researching and interviewing top business leaders and continuous improvement experts at companies like Sakor, Ford, Merchandize Liquidators, Olympus, 3D Systems, Hexagon, Intertek, InfinityQS, Johnson Controls, FARO, and Eckel Industries. Most of his reporting is done with the help of his 20 lb tabby cat at his side.