What exactly is it that ORTEC does?
ORTEC combines data and mathematics worldwide to create value for diverse organizations and society as a whole. Our staff does so by optimizing business processes for our customers in a unique way, making them more efficient, flexible and sustainable. ORTEC and Awareways crossed paths several times before joining forces in 2018. We are still working together, and a lot of progress has been made since.
Security and privacy
From the outset, there was a desire within ORTEC to work on awareness of security and privacy. ‘In the context of ISO 27001 certification, the need arose to devote even more attention to these subjects’, explains Jet Woudstra, Compliance & Quality Officer at ORTEC.
“The culture scan baseline measurement was a good starting point at the start of the program. This was followed by annual follow-up measurements, which clearly showed that information and privacy awareness among employees had grown.”
What’s the role of management in awareness and behavioral change?
“In collaboration with Awareways, we offer employees security awareness training and conduct phishing simulations. Monitoring the results is very important here. Managers are sometimes surprised by the results and want to act immediately. They take results into account when they meet with their team. The agreement at ORTEC is that the subject of security is included in team meetings at least once every quarter.”
“The most important result we’ve achieved by getting managers involved is that they start talking to their teams about security during meetings. No training can match the result of creating a situation in which people are actually talking to each other about the subject.”
– Jet Woudstra, Compliance & Quality Officer at ORTEC.
“Managers often don’t know how to frame security as a subject in these meetings. But in reality, it turns out that they often do have points to make. And so do the employees. Only then do conversations come up that really contribute to awareness and behavioral change in the field of information security. This is much more effective than just communicating the results via intranet, where you don’t reach everyone anyway. Within each team, security & privacy contacts have been appointed who are responsible for these topics. Colleagues from the team can go to them when they have questions about working safely with information. Usually, the focal points also provide input for the team meetings.”