At the very end of 2025, on December 31st, 2025, VELO (PT NetToCyber Indonesia) officially achieved the prestigious ISO 27001 certification.
The certification recommendation was issued by BSI Group after a long and demanding assessment process that required months of preparation, coordination, and dedication from VELO’s internal ISO team.
What is ISO 27001?
SO 27001, formally known as ISO/IEC 27001, is an international standard for Information Security Management Systems (ISMS).
It provides a structured framework for organizations to protect their information assets through policies, procedures, risk management, and security controls.
The standard is jointly published by ISO and the International Electrotechnical Commission.
What ISO 27001 Covers?
ISO 27001 focuses on protecting three main aspects of information security:
- Confidentiality — ensuring information is only accessible to authorized people.
- Integrity — ensuring data remains accurate and unaltered.
- Availability — ensuring systems and information remain accessible when needed.
Starting the Journey
The journey began in July 2025. Guided by external consultants, the ISO team started a comprehensive review of all operational processes related to the requirements of ISO 27001.
Every workflow was carefully evaluated to ensure alignment with existing Standard Operating Procedures (SOPs). Whenever inconsistencies were found, the SOPs were revised and improved. In cases where operational activities had not yet been formally documented, entirely new SOPs were developed.
Building Stronger Processes and Documentation
Beyond documentation, the team also worked intensively to design supporting forms, reporting templates, and approval mechanisms required to ensure compliance with the information security management framework.
Another critical aspect of the preparation involved strengthening transactional processes with customers and supporting vendors, ensuring that all engagements were backed by clear legal documentation capable of protecting the interests of VELO and all related parties.
Infrastructure and System Readiness
Meanwhile, the Network Operation Support (NOS) team played a crucial role in ensuring that all infrastructure, devices, and systems complied with standardized security configurations.
In several cases, this required additional equipment deployment and reconfiguration of existing systems to meet the expected standards.
Collecting Operational Evidence
One of the most demanding parts of the certification process was not only creating documentation, but also proving that the documented procedures were consistently implemented in daily operations.
To support the audit process, the team diligently archived system performance logs, data center visitor records, maintenance and change activity logs, as well as incident and error reports. These records became essential evidence demonstrating operational compliance with the established SOPs.
A Full-Team Commitment
The certification effort quickly became a top organizational priority. Team members worked full days and frequently extended their efforts beyond normal working hours.
Due to the importance of the project, management even instructed key personnel involved in the certification process to postpone leave requests until the audit was completed.
The Final Result
At the end of the audit process, following a modest but meaningful celebration, the BSI audit team officially granted “Recommended” status for PT NetToCyber Indonesia to receive ISO 27001 certification.
During the celebration, VELO’s management also expressed appreciation to individuals and teams who made significant contributions throughout the journey.
A New Milestone for VELO
Achieving ISO 27001 certification marks an important milestone for VELO, reflecting the company’s commitment to information security, operational excellence, and continuous improvement.
Congratulations to VELO on this remarkable achievement!