When you manage an application where customers not only store their own data but also their customers' data, watertight security is an absolute necessity. CORPOflow, the online application for the sale, rental, and management of real estate within corporations, realized this as well.
In 2025, they joined forces with Nestor Security to implement ISO 27001 certification and structurally strengthen their information security. In this customer case, we'll guide you through the process.
Information security as a hard requirement
For CORPOflow, information security is intrinsically linked to their daily operations. The organization manages not only corporate data from housing associations but also personal data of thousands of individuals. Pascal Kamphuis, Founder of CORPOflow, explains: “Our clients put their data into our system. Then we *have* to make sure it doesn't end up on the street.” The risk of reputational damage and potential loss of customers makes security a structurally high priority.
Although attention to information security within the organization has always been present, CORPOflow notices that pressure from the outside world has increased significantly in recent years. “Organizations are increasingly demanding information security and conducting more frequent checks. This development makes it necessary for us to continue developing.” New laws and regulations also lead to stricter conditions from customers, and sometimes an ISO certification is even a hard requirement.
Practical integration and involvement
Although CORPOflow already had a mature approach to information security, the step towards ISO certification required a different focus. Pascal explains: “Of course, we've always made sure that external parties couldn't penetrate our software. From ISO 27001, we actually had to focus more on the policy-based documentation of our security.”
An important part of ISO 27001 is setting up and implementing an Information Security Management System (ISMS): a structured approach that allows organizations to systematically manage and protect personal data and other sensitive information. For CORPOflow, usability was crucial in this regard. “The ISMS really had to be integrated into our work processes,” Pascal explains. “Nestor Security advised us well on this. In addition, it was great that a large portion of our colleagues were very involved.”
This combination of practical integration and internal commitment formed the basis for an efficient certification process.
In the ISMS, CORPOflow has documented that an annual pentest is performed so that they can demonstrate to clients that their software remains secure. The pentest was carried out by our partner Warpnet. Pascal looks back on that collaboration with satisfaction: “The contact with Warpnet was very good. Our own programmer worked closely with the ethical hacker.” As with practically every test, areas for improvement emerged. “Penetration tests almost always reveal weaknesses; it's a risk assessment you have to make. We also always share the report with our clients,” according to Pascal. This underscores CORPOflow's transparent and mature approach to software security.
Pragmatic and down-to-earth cooperation
Although CORPOflow already met the ISO 27001 standard in many aspects, they consciously chose external support. “It was uncharted territory for us,” Pascal recounts. “We didn't know where to start or what to pay attention to. We didn't want to wait for an audit to see if we had covered all the points. Without Nestor Security, the process would have taken longer and we probably would have missed a few points.”
That confidence proved to be well-placed: the external audit went almost flawlessly. CORPOflow emerged with 0 findings and only 1 recommendation – the lightest possible correction category. According to Pascal, that result is mainly due to the smooth collaboration and, naturally, because CORPOflow already had information security well under control before the ISO certification process began. “The lines with Nestor Security were short. The organization is pragmatic and a down-to-earth party to do business with. This made the process run smoothly and quite quickly.”
Why should organizations invest time in information security, according to Pascal? His answer is clear: “Partly because customers ask for it. But it's mainly very good for seeing where you can improve. That takes a lot of time once, but afterwards you stay up-to-date.”
About CORPOflow
CORPOflow builds smart software for housing corporations to manage, sell, and rent out homes, manage commercial real estate, rent out student rooms, and rent out parking facilities, with proprietary workflows, progress monitoring, digitalization, and efficient operations.
Curious how we can help you with your ISO 27001 implementation? Contact us!