Freeday
Freeday provides digital employees to take over repetitive human tasks and interactions. To ensure that both the digital workforce, as well as Freeday’s entire organization, handle information responsibly, NAALA assisted Freeday with implementing ISO 27001 and NEN 7510. Applications already available within Freeday, such as Monday and Slite, were used for this purpose. Since every employee used the applications daily anyway, making employees aware of information security activities took little effort. As a result, Freeday has a fully integrated, understandable and effective information security management system.
Client: Freeday
Topic: Information Security (ISO 27001, NEN 7510, GDPR)
Website: www.freeday.ai
Client case
Freeday
Freeday provides digital employees to take over repetitive human tasks and interactions. To ensure that both the digital workforce, as well as Freeday’s entire organization, handle information responsibly, NAALA assisted Freeday with implementing ISO 27001 and NEN 7510. Applications already available within Freeday, such as Monday and Slite, were used for this purpose. Since every employee used the applications daily anyway, making employees aware of information security activities took little effort. As a result, Freeday has a fully integrated, understandable and effective information security management system.
ABOUT FREEDAY
Freeday provides digital employees to take over repetitive human tasks and interactions. For this purpose, Freeday has a certain workforce available: Healthcare assistant Florence, IT support assistant Richard, Financial assistant John, Customer service assistant Jennifer and HR assistant Jessy. This allows other employees to spend their time on other tasks, while the boring and time-consuming tasks are performed 24/7 by the digital assistants.
CHALLENGE
Embedding information security practices in the company in a way that everyone understands their responsibility without requiring additional resources.
Embedding information security practices in the company in a way that everyone understands their responsibility without requiring additional resources.
To ensure that both the digital workforce, as well as Freeday’s entire organization, handle information responsibly, Freeday takes information security measures. To reinforce this, Freeday has decided to implement ISO 27001 and NEN 7510.
As a fast-growing technology company, Freeday needed to embed information security throughout its organizational processes. Therefore, the challenge was to embed information security practices in the company so that everyone understands their responsibility without requiring additional resources.
“NAALA allowed us to actually implement information security in daily operations opposed to just making us ready for certification. Now all roles internally are aware of their responsibilities contributing to the ISMS”
– Marcus Groeneveld, CEO
“NAALA allowed us to actually implement information security in daily operations opposed to just making us ready for certification. Now all roles internally are aware of their responsibilities contributing to the ISMS.”
– Marcus Groeneveld, CEO
THE PROJECT
NAALA used tools already implemented within Freeday, such as Slite and Monday to implement information security in a way that is familiar to the team.
NAALA used tools already implemented within Freeday, such as Slite and Monday to implement information security in a way that is familiar to the team.
Considering the fast-paced and innovative culture within Freeday, we jointly identified an appropriate approach to work as quickly and efficiently as possible towards ISO 27001 and NEN 7510 certification.
Experience from other projects has taught us that the biggest challenge lies in getting the organization to work following the standard. The underlying organizational policies are supportive but drafting these is perhaps the easiest part of these projects.
We wrote policies, of course; there’s no escaping that for continuous information security. Especially in a young company, laying down rules and procedures to ensure consistency is crucial as a foundation for further growth. Roles and responsibilities may be changing rapidly. Successive individuals must be able to understand what activities were previously performed in securing a certain level of information security for this level to be maintained.
As Freeday was already using a document management tool (Slite), it made sense to include policies in it as well. This way, every employee could read how Freeday interprets ISO 27001 and NEN 7510. After all, they were all used to using Slite during their daily work. The benefit of using a document management tool rather than separate documents is that one can clearly outline the relationship between documents within the information security management system (ISMS), assign roles directly to the documents and keep track of changes. What about records and reports?
Not all of these were included in Slite as well. Reports, such as management reviews, were best suited to be included in Slite and directly linked to their corresponding policy. For registrations, such as the risk record and the (performance of the) operational agenda, there was a desire to apply automation feasibly within the work management tool Monday that Freeday was using. Since Monday was already used to assign tasks within project teams, it seemed fitting to use Monday for performing information security tasks as well to be consistent with the standard way of working.
Risk management is a crucial part of effective information security. Unfortunately, it also remains particularly vague for many organizations. For Freeday, we’ve set up a practical system for managing information security risks. ISO 27001 and NEN 7510 provide safeguards (controls) to manage information security risks. NAALA has translated these controls into understandable and actionable recurring tasks. Each task is assigned an owner; the role appropriate to perform the activity. When the date of the task approaches, only its owner receives a reminder to perform its activity.
An example of such a task is checking whether authorizations are assigned according to the internal authorization matrix. This task was assigned to each system admin. The system admin is now reminded periodically to review authorizations for the systems under their responsibility.
By using various types of automation, the entire system interoperates while minimizing the workload for Freeday’s employees. Moreover, the burden of managing risks and information security is distributed among several individuals, each with their expertise and responsibilities. The result is a clear set of activities, the execution of which is recorded: a manageable and demonstrably effective management system.
RESULTS
This project resulted in the successful ISO 27001 and NEN 7510 certification of Freeday. Congratulations!
This project resulted in the successful ISO 27001 and NEN 7510 certification of Freeday. Congratulations!
Having an up-to-date overview of tasks performed by all roles internally presents the status of the management system at each moment in time. By linking the tasks to actual risks, an up-to-date overview of effective risk mitigation is also available at any time. Should the system admin not review the authorizations before the task deadline, or if the review shows that the authorizations are set up incorrectly, the associated risk will not be sufficiently controlled. Using the system, this will automatically be shown as such in the risk overview.
The use of the applications already used within Freeday was very valuable. Since every employee used the applications daily anyway, making employees aware of information security activities takes little effort. Everyone within Freeday is familiar with the way the applications work, so policies can easily be found in Slite and everyone understands what to do with tasks assigned to them via Monday. As a result, Freeday has a fully integrated, understandable and effective information security management system.
Oh! Last but not least… This project resulted in the successful ISO 27001 and NEN 7510 certification of Freeday. Congratulations!
Curious how we can embed an ISMS within your organization? Feel free to reach out and we can discuss the possibilities.
FUTURE PLANS
Freeday can now continue building a digital workforce while having an ISMS supporting this. NAALA continues to work for Freeday periodically to support maintaining the ISMS and any ad-hoc requests that may come up.