Axenix audited for compliance of information security management system with ISO 27001 standard

2025: Audit for compliance of information security management system with ISO 27001 requirements

Consulting technology company Axenix has been audited for compliance of the information security management system with the requirements of the international standard ISO 27001. Certification confirms that the processes of creating, implementing and developing information security in the company comply with the best world practices. Axenix announced this on November 1, 2025.

Certificates obtained by Axenix are confirmed by EUROCERT S.A., an independent European certification organization with its head office in Athens, Greece, accredited by the national ESYD system and operating in more than 20 countries worldwide.

On the one hand, this is our internal desire to systematically manage information security. On the other hand, a market request: customers and partners are increasingly paying attention to the presence of confirmed information security management standards. Therefore, for us it is also an increase in the level of trust and ensuring a competitive advantage.

In 2022, after separating from the international company Accenture, Axenix completely rebuilt its IT infrastructure. At the same time, information security standards were laid down in the updated IT landscape as the basis for subsequently implementing a systematic approach and certification. This approach was especially important in the transition to a hybrid mode of operation - Axenix employees connect remotely using a variety of communication tools - as well as the active implementation of cloud tools, which requires additional protection. In addition, the need for a systematic information security approach was due to the strengthening of global and Russian requirements for the storage, processing and protection of personal data.

The certification process according to the international standard ISO 27001 consists of several consecutive stages. First, an information security policy is developed, the scope of the management system is determined, risk assessment and control measures are established. At the next stage, documentation is created that meets the requirements of the standard, procedures and instructions for critical processes are developed. Then, at the implementation stage, procedures and policies are implemented in everyday activities, and employees are trained. Finally, an internal audit is required prior to a certification audit. In general, preparation for certification at Axenix took about a year and a half.

The certification audit process itself consisted of three stages:

• Assessment of technical and organizational measures: auditors conducted a detailed analysis of internal processes, focusing on the effectiveness of implemented mechanisms, including an assessment of the architecture of information security systems, risk management processes and the integration of information security policies into operational activities.
• Field survey in the field: accredited specialists carried out field inspections at the company's offices, where they conducted an audit of the functioning of the infrastructure - from network configurations to monitoring and incident response tools - providing a real assessment of the practical implementation of security measures.
• Correction of the identified comments and final confirmation of compliance: in response to the recommendations of the auditors, the company introduced the necessary adjustments, including refinements of procedures and strengthening of control points.

Dmitry Tyagunov noted that certification not only helped the company build processes in terms of IT infrastructure, but also contributed to the standardization of operations, clarification of roles and responsibilities. For example, standards for ensuring the security of work computers, the regime for visitors, the storage of passes, roles and responsibilities in relations with suppliers, and much more were regulated.

The certificate is issued for a period of three years. Every year the company intends to confirm its compliance by passing inspection audits, and after three years - the recertification procedure. Work according to international standards is part of Axenix's long-term development strategy in the field of information security.