Months of preparation, two audits in December 2025 and now the results are in: We have officially achieved the ISO 27001 certification — the internationally recognized standard for information security management systems (ISMS).
That we’re committed to protecting the integrity, confidentiality, and availability of the data entrusted to us by our customers in the pharmaceutical industry is nothing new. But reaching this milestone is still a source of immense pride.
“This certification is a promise to our customers that we take information security as seriously as they do,” says Michel Seidelin, CEO.
Compliance is also about IT security
For companies in the pharmaceutical sector, the ISO 27001 certification supports compliance with critical regulatory frameworks such as GxP, 21 CFR Part 11, NIS2 and GDPR.
It ensures that systems and processes meet rigorous standards for data integrity, access control, audit readiness, and business continuity — all of which are essential for maintaining trust and meeting regulatory expectations.
“Our customers operate in highly regulated, high-stakes environments,” adds Michel Seidelin. “By achieving ISO 27001, we’re helping reduce their vendor qualification burden and giving them one less risk to manage.”
ISO 27001 at a glance
The certification confirms that we have implemented a comprehensive information security management system, including:
– Risk-based security controls
– Access and authentication management
– Data encryption and backup procedures
– Incident response and disaster recovery planning
– Continuous monitoring and improvement
These controls are audited annually by an independent certification body, ensuring that our practices remain aligned with evolving threats and best practices.
With this new certification, we now hold ISO 9001, 14001 and 27001 certifications – all crucial for our customers in regulated industries.
Next up: EU’s Cyber Resilience Act
“Security is not just an IT issue — it’s a company-wide responsibility,” says Michel Seidelin. “We’re proud of this achievement, and we’ll keep raising the bar to support our customers’ success.”
And with Cyber Resilience Act, which regulates digital product security across the EU coming into full effect in 2027, there’s more work to be done.
CTO Jeppe Badstue says: “For us, CRA compliance is a natural extension of building secure, trustworthy products. So, it’s very much in line with what we’ve been doing for decades.”
Preparations are already well underway and include embedding security‑by‑design across our software lifecycle, strengthening vulnerability management and SBOM practices, and ensuring clear governance and documentation.
_____________________
For more information, please contact:
Michel Seidelin, MSc, PhD
CEO
Tel. no. +45 2686 7676