QPR Software: ISO 9001 and ISO 27001 Certifications Play a Crucial Role in Building Customer Trust

QPR Software, founded in 1991, is a Finnish software company specializing in business process development. QPR's product portfolio includes four software solutions, with QPR ProcessAnalyzer, focused on process mining, as its flagship product. Process mining analyses log data from information systems to reveal how business processes actually function, identifying anomalies and bottlenecks whose elimination can bring significant financial benefits.

We interviewed the company's CEO Heikki Veijola, Chief Operating Officer Mika Maliniemi, and Head of SW Development and Security Teemu Siipola. Our discussion covered the importance of information security in QPR's operations, the significance of ISO 9001 and ISO 27001 certifications in building customer trust, and the company's collaboration with Bureau Veritas. We also explored QPR's views on the potential of artificial intelligence, as well as the company's own future prospects and growth targets.

Information Security in a Critical Role

Information security has always been central to QPR's operations. "Our customers store important data in our systems, so the security of our products has been a priority from the start," says Mika Maliniemi.

The importance of information security has been emphasized with the proliferation of digitalization and cloud services. "As we moved to cloud services, we had to pay special attention to our practices to ensure the security of customer data," Maliniemi explains.

QPR's long history in the industry has provided a unique vantage point to observe the evolution of customer awareness regarding information security. "Compared to the company's early days in the 1990s, we've witnessed a massive change in how customers approach information security. Today, they're highly conscious about security and often require evidence that our security measures are up to par," notes Teemu Siipola.

To meet growing customer expectations and demonstrate its commitment to security, QPR has invested heavily in certifications and external assessments.

QPR's Certification Journey and Collaboration with Bureau Veritas

QPR Software has worked closely with Bureau Veritas on various certifications. In 2020, the company initiated the ISO 27001 certification process, which focuses on information security management systems.

"ISO 27001 certification was a natural step for us, as our operations were already largely compliant with the standard's requirements. It was important for us to prove our operational standards and demonstrate them externally," says Teemu Siipola.

QPR's management system is also certified according to the internationally recognized ISO 9001 standard.

"In recent years, we've combined ISO 27001 and ISO 9001 audits, which has proven to be an efficient approach," Mika Maliniemi states.

QPR has also passed the TISAX® (Trusted Information Security Assessment Exchange) evaluation, an information security assessment method developed specifically for the automotive industry. This assessment was conducted by Bureau Veritas' Swedish unit.

"These certifications and assessments are vital for us. They help us ensure the quality and security of our own processes, which is critical for our business," Heikki Veijola emphasizes, adding: "They also strengthen our customers' trust and are often even a decisive factor in choosing a service provider."

"The annual audits have been invaluable to us. They force us to continuously develop our management system and stay up-to-date in an ever-changing information security landscape," Mika Maliniemi adds.

Looking to the Future: Snowflake Integration and AI Driving Growth

QPR aims to grow significantly in the coming years, especially in the North American market. The company sees its Snowflake integration as a particular competitive advantage and growth enabler.

"QPR ProcessAnalyzer is currently the world's only fully native process mining software operating on Snowflake data. This allows analytics to be performed directly in the customer's data environment, saving time and costs, and reducing information security risks," Heikki Veijola explains.

The role of artificial intelligence will continue to grow in QPR's operations, both in product development and information security. "We have a comprehensive AI strategy, and we're already utilizing AI in cybersecurity, product security, and code review. In the future, we plan to further increase the benefits of AI, especially in threat detection and minimization," Mika Maliniemi concludes.