Atostek has been awarded the ISO 27001 information security certificate – “We can serve our customers even better now”
Atostek has been granted the ISO 27001 certificate. This is an international standard that defines the requirements for an information security management system. The role of information security is particularly significant in the current uncertain global situation, where data breaches and various cyber threats are a growing concern.
Atostek was awarded the ISO 27001 certificate in March 2025. The certificate demonstrates that the company recognizes the risks associated with information security and works actively to improve it.
“We can serve our customers even better now”
Today, customers expect a higher level of information security from organizations, and authorities also emphasize its importance.
“There is a general increase in customer interest in information security. With the certification process, we aim to ensure that our information security management system is in accordance with a generally recognized standard, allowing our customers to trust it. As a result, less time is required for auditing Atostek’s operations, which saves time for both our customers and us,” says Atostek’s Chief Technology Officer Jaakko Perkiö.
In practice, the certificate proves that Atostek’s operational models are in accordance with the ISO 27001 standard. The ISO 27001 certificate also supports Atostek’s previously acquired ISO 9001 quality management system certificate and the ISO 13485 certificate for medical devices.
“With the ISO 27001 certificate, we can serve our customers who handle sensitive information and patient data even better,” says Atostek’s quality manager Juho Leppämäki.
Obtaining the ISO 27001 certificate requires long-term effort
Atostek began reforming its information security management system in 2022, taking the requirements of the ISO 27001 standard as the guideline.
“This decision facilitated the development process and, on the other hand, helped to focus on what’s essential. However, information security is a moving target, so this is just the beginning,” Perkiö notes.
Obtaining the ISO 27001 certificate requires long-term, thorough work on information security. The certificate's requirements include, among other things, defining operating environments and information assets, and risk management.
“We had a good starting point for complying with the ISO 27001 standard, as we already had ISO 9001 and ISO 13485 certificates. Of course, obtaining this certificate required hard work. In practice, for example, Annex A contained a very large number of control measures that had to be fulfilled,” Leppämäki explains.