27001 - Information Security
The AENOR certificate based on the UNE-ISO 27001 Security Management System standard certifies that IDEAS has implemented a Management System that reinforces and protects Information Security, betting on continuous improvement.

This standard contains the processes aimed at guaranteeing security in the information systems of the services provided by IDEAS, as well as the correct operation and management of the data.

The purpose of obtaining this certificate is the importance of information, both physical and digital, since they are one of the main assets of organizations. For IDEAS, the protection and security of these is fundamental, thus ensuring the correct development of the business and transmitting trust and security to stakeholders, clients and users.

The implementation of this standard assures companies a focus on information management, ensuring that it is in a protected and available manner, ensuring the technical, physical, personnel and company process security.

As it is private and valuable information, it is sought with this certificate to cover the risks associated with loss, deterioration or manipulation. For this, it has IT processes and services, which considers the impacts that may affect the organization and adapts to these with strategic procedures in consideration of a continuous improvement of the company.

Obtaining this AENOR ISO 27001 certificate allows us to guarantee the confidentiality of the information available and accessible only to authorized personnel when required, together with its integrity. In addition to generating trust towards the company, since it is a world-leading certification.

This standard has generic requirements according to the treatment of information security and the needs of the organization, so that it is applicable to different types of clients, whatever their size, functions or nature.

The certification contributes with its implementation a reduction in costs from security incidents, guaranteeing the protection of the information that is handled. It also ensures that it meets the legal requirements within the scope of information protection. This standard is internationally recognized and suitable for any type of organization. Being a standard with a long history, it has been incorporating the relevant improvements in relation to information security.

Advantages it brings to companies:

  • It allows organizations, based on their business objectives, to incorporate privacy and information security risk management using continuous improvement.
  • It has the legal management systems of the standard based on the data protection of the country in question.
  • It emphasizes the principle of proactive responsibility, since there is evidence of the certification to support compliance with data protection legislation.
  • To report incidents, security and privacy breaches, it has effective mechanisms and controls.
  • It allows a moderate financial sanction in case of breach of data protection.
  • For the treatment of the data, it has an implementation of privacy by design.
  • Likewise, for the treatment of data and its management, it provides transparency and efficiency to clients
This standard is compatible with other management system standards.

Content of ISO 27001 standard and what it contributes to companies:

  • Understanding the context of the organization, its needs and expectations together with the determination of the scope of the information security management system.
  • Leadership and commitment, with established roles, responsibilities and authorities and with an established policy.
  • Planning, considering the appropriate actions to deal with risks and opportunities and establish the objectives to be achieved.
  • Support, resources, skills, awareness, communication and the relevant information documented, controlled and updated.
  • Operation and planning of the processes together with the assessment and treatment of risks.
  • Carry out a performance evaluation, organizing internal audits and reviews by management
Establish continuous improvement of non-conformities and corrective actions.

After an exhaustive and rigorous audit process, IDEAS GRC obtained the ISO/IEC 27001 certification in early 2019, after the corresponding AENOR INTERNACIONAL, S.A.U. audit process, of our Information Security Management System. Based on the foregoing, the security of the information contained in the information systems that support the provision of the IDEAS GRC service, as well as the application itself, has been demonstrated.

9001 - Quality Management Systems
The AENOR certificate based on the UNE-ISO 9001 Quality Management standard certifies that IDEAS has implemented a Management System that reinforces Quality Management.

This standard is the maximum reference for quality management, which helps companies to boost the success, profitability and potential of the company. It is the most widely used model and it is available in many sectors.

Its purpose is to ensure that the needs and expectations of stakeholders and customers are met based on internationally recognized quality management principles established by the International Standards Organization (ISO).

The ISO 9001 standard is applicable to all types of organizations regardless of the size or functions they perform, in order that their actions improve the customer experience and meet their needs.

This model has evolved and adjusted over time, updating itself to adapt to the needs of different industries. Orientation to customer satisfaction and process management based on a focus on continuous improvement was added. In addition, it takes into account the management of the analysis of the context of the development of the activities of the companies and therefore the consideration of the associated risks.

It has an improvement cycle structure, which provides the integration of management models in environmental aspects, safety and health at work, etc.

The international standard ISO 9001 can be used by companies of any size, which intend to systematize management and obtain maximum profitability and efficiency in their services. This standard is carried out effectively to provide companies with the systematization and organization of competitive processes and today's changing market.

Based on ISO 9001 on Management Systems, other process management systems have been added, supported by continuous improvement.

Advantages it brings to companies:

  • Focuses on customer experience and meeting customer needs.
  • Improved accountability and tracking, simplifying internal processes, improving efficiency and savings.
  • Recognition of quality for clients internationally.
  • Provides motivation and clarity based on business objectives, focusing on what is really important for the business.
  • To improve customer service and subsequent referrals.
  • Increases competitiveness, improving internal processes and services offered.
  • Possibility of opening up to new businesses together with the improvement of the image within the market.
  • Based on evidence, improves decision making.

This standard is focused on customer process management and continuous improvement, regulating the quality of the organization based on basic requirements that must be met:

  • Management of internal processes in organizations.
  • Carry out monitoring and control of external providers.
  • Focused on the customer and his satisfaction.
  • Focused on continuous improvement.

Content of the ISO 9001 standard which contributes to companies:

  • Understanding of the context of the organization, its needs and expectations together with the determination of the scope of the quality management system and its processes.
  • Leadership and commitment, with roles, responsibilities and authorities established and with an established quality policy focused on the client.
  • Planning, considering the appropriate actions to deal with risks and opportunities and establish the quality objectives to be achieved, based on whether or not it is necessary to apply changes.
  • Support, necessary resources to implement, skills, awareness, communication and with the pertinent information documented, controlled and updated
  • Operation, planning and operational control of the processes together with the requirements for products and services within the design and development of these. Control externally supplied processes, products and services. Production and provision of the service based on its conditions. Release of products and services and keep track of non-compliant outputs.
  • Carry out a performance evaluation, based on monitoring, measurement, analysis and evaluation, organizing internal audits and reviews by management.
  • Establish continuous improvement of non-conformities and corrective actions.

After a hard and meticulous audit process, IDEAS GRC obtained in early 2019 UNE-ISO 9001 certification after the audit process carried out by AENOR INTERNACIONAL, S.A.U., in recognition and evidence of the conformity of our system with the standards of quality management included in the UNE-ISO 9001 standard. IDEAS GRC renews this certification on an annual basis.