Open Assessment Technologies is the leading open-source solution for digital assessments, empowering organizations worldwide to design, deliver, and manage assessments with maximum flexibility, interoperability, and security.
“We've managed to secure three multi-million dollar contracts as a result of our ISO 27001 certification. And it opens us up to more contracts or RFPs that we can bid on.”
Hans ter Horst, Head of QA, IT and Security Lead, Open Assessment Technologies
Secureframe provided Open Assessment Technologies with:
Jump To
Open Assessment Technologies delivers computer-based testing for governments and private customers across Europe, including France, Lithuania, and Norway.
While bidding on projects, Hans ter Horst, Head of QA, IT and Security Lead, saw a notable increase in security requirements.
“When bidding on projects with new companies and new countries, I noticed the information security requirements are high and getting higher and higher all the time, especially when more and more data leaks are getting into the media. People are concerned obviously.
Already compliant with GDPR due to their market position, Open Assessment Technologies found that companies were asking for more certifications—which quickly became time-consuming and inefficient for the team to manage.
“If we don't have the certifications, we get endless questionnaires that take us a very long time to answer because all the questions are different.”
Without ISO 27001 certification specifically, Open Assessment Technologies risked losing contracts, as many prospects required proof of certification to do business.
“60% of new contracts were asking for ISO 27001 certification or wanting us to supply all the answers to satisfy their information security requirements. We could not continue without certification.”
With the scope and complexity of information security and compliance requirements escalating, they recognized internal gaps in their processes that made certification necessary.
“A couple of years ago, we could get away with, ‘We're operating in the sense or the spirit of ISO 27001.’ But then we got more and more questions. I realized there was a lot of work to be done on our side. That’s why we decided to seek certification.”
Hans developed a shortlist of vendors based on a Google search. Price was important, followed by the integrations offered that would allow his team to save time. He narrowed it down to two companies.
“The reason we picked Secureframe was that we didn’t like the attitude of the other company, which was clearly trying to achieve its sales goals for the quarter. They were pushing us very hard.”
Impressed with Secureframe’s more supportive and positive approach that let the product speak for itself, Hans and the team onboarded, feeling confident they could reach out for guidance when needed and lean on their account managers.
“The onboarding was very easy for such a big project. It touched every part of our organization. Everybody has a Secureframe account, and everybody's still using it.”
Because Secureframe provided seamless integrations with platforms like Google Cloud Platform and AWS, Open Assessment Technologies could see exactly what they needed to do to become compliant.
“The integrations were really good. They did a great job of giving us all the tests we needed and risks that we needed to address. This made Secureframe a very usable, very fitting solution for us.”
Secureframe’s automated tests along with its task management capabilities enabled Horst to quickly and easily identify gaps and assign tasks across the organization to fill those gaps. This was the biggest benefit for Open Assessment Technologies since they didn’t have anybody who was an expert on ISO 27001 and knew what to do.
“Normally, you would hire an external consultant, but we didn’t want to do that. From past experience, we knew that maybe one or two people could get more familiar with the standard but then we’d have big discussions about interpretation and lose a lot of time. We knew Secureframe could take on that role instead and make it very clear what needed to be done.”
When it came to audit readiness, ongoing support from Secureframe's customer support team ensured that Hans and his team had expert guidance throughout the process.
“The best thing was that we felt that you guys really understood the ISO certification. There were a lot of former auditors at Secureframe. So, we felt that we were really working towards the certification without any time wasted,” he says. “We also had regular check-ins with our customer success manager, Nickson Jean Baptiste. I felt that I basically had a permanent consultant that was guiding me towards the success of the certification.”
Thanks to the support from their dedicated success manager and technical support staff, Hans felt more than ready for the certification process.
“We did an internal audit and the two audits that followed from there. Based on feedback and results, we were more than ready for the audit. We only had some minor things that we needed to supply. It was very smooth sailing.”
With Secureframe, Hans and the team successfully achieved ISO certification before their self-imposed deadline.
As a result, they spend less time answering repetitive security questionnaires, saving valuable team resources.
“Secureframe means less time wasted on security questionnaires. Now we can easily share our certificate.”
This also allowed the company to bid on and secure larger contracts previously blocked due to a lack of certification.
“We've managed to secure three multi-million dollar contracts as a result of our ISO 27001 certification. And it opens us up to more contracts or RFPs that we can bid on.”
Achieving certification also gave Open Assessment Technologies an advantage over competitors who had not yet attained similar security credentials.
“We know that our competitors are not certified yet. So it gives us an edge, which the sales team is very happy about, and they will definitely go out of their way to share that we are certified and how important the certification is to the client.”
Without Secureframe, Hans thinks the company would be unable to run sales and feels the company’s business continuity has been preserved. Now, they can meet the security expectations of both current and prospective clients, resulting in future growth opportunities.
“I would recommend Secureframe and have to several people already because I’ve had a very positive experience. I never had a moment where I thought it was cumbersome or regretted the decision.”
