At a Glance
The Context
Datapao supports organizations in sectors such as energy and manufacturing with cloud migrations, data platforms, and analytics/AI initiatives. With growth in customers and delivery complexity, Datapao required a structured and internationally recognized approach to information security governance, risk management, and continual improvement.
What Datapao Set Out to Achieve
- Third-party assurance: Provide customers with recognized, independent assurance of its ISMS
- Security consistency: Improve consistency of controls and responsibilities across teams and environments
- Audit readiness: Maintain an evidence-backed posture to support ongoing customer security reviews
Managing Audit Readiness (Client Activities)
Datapao used Sprinto as a centralized system to organize ISMS documentation, track control activities, and manage evidence collection across its technology environment. This supported internal coordination of risks, controls, and records required for an ISO/IEC 27001 certification audit.
Key Preparation Activities
- Centralized ISMS documentation and record management
- Tracking of control operation and evidence
- Coordination of risk assessment, treatment, and control ownership
- Internal review activities supporting audit readiness
Independent Certification Audit by Glocert International
Glocert International conducted the certification assessment using a two-stage audit approach in line with ISO/IEC 27001 requirements.
Stage 1 - Readiness Review
- ISMS scope and boundaries
- Information security policy and objectives
- Risk assessment methodology and risk treatment approach
- Statement of Applicability (SoA) review
- Internal audit and management review status/records
Stage 2 - Certification Audit
- Sampling of objective evidence across in-scope processes and systems
- Interviews with process owners and key personnel
- Verification of control implementation and operation
- Assessment of ISMS performance, effectiveness, and continual improvement mechanisms
Following closure of any nonconformities raised during the audit, Glocert's certification decision function completed an independent certification decision in accordance with its certification process.
Outcome
- ISO/IEC 27001:2022 Certified: Independent confirmation of a standards-based ISMS
- Customer Confidence: Stronger assurance for customer due diligence and procurement reviews
- Governance Foundation: A structured baseline for continual improvement of security practices
- Ongoing Assurance: Supports surveillance audits and evolving customer expectations
Framework Summary
| Element | Details |
|---|---|
| Standard | ISO/IEC 27001:2022 |
| Industry | Data Engineering / Cloud & AI Solutions |
| Location | Hungary |
| Certification Body | Glocert International |
| Compliance Platform | Sprinto (client-selected) |
Impartiality & Transparency Note
Glocert International's role in this engagement was limited to conducting an independent certification audit and performing certification decision activities. Datapao is responsible for the design, implementation, and operation of its ISMS. Any tools or platforms referenced (e.g., Sprinto) were selected by Datapao; reference to third-party products does not imply endorsement by Glocert International.
Pursuing ISO/IEC 27001 Certification?
If your customers require independent assurance of your information security management practices, Glocert International can support your ISO/IEC 27001 certification audit program.