SAMPLEMED ACHIEVES THIRD ISO CERTIFICATION AND SHARES LESSONS LEARNED

By Samplemed - 19 June 2025

In the business world, earning an ISO certification is often seen as a privilege reserved for large corporations. However, this kind of recognition is within reach for mid-sized companies as long as there is a solid strategy in place and commitment at every level.

 

Samplemed, a leading provider of technological solutions for the insurance sector, has reached a new milestone on its journey of excellence and reliability: the ISO/IEC 27001:2022 certification, internationally recognized as the top standard for information security management. This achievement further strengthens the company’s corporate governance and data protection efforts, reinforcing the trust of key clients such as Austral RE, CAIXA, and Icatu.

 

ISO 27001 is a globally recognized standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Samplemed has also obtained the ISO/IEC 27701 extension, which expands upon the original standard by adding specific guidelines for managing personal data privacy. This extension supports the implementation of a Privacy Information Management System (PIMS), essential for organizations handling sensitive data, especially under regulations like the European GDPR and the Brazilian LGPD.

 

Beyond the certification itself, the process brought valuable lessons about organizational culture, process structuring, and audit preparedness. In this article, we share some key insights provided by the Samplemed team to inspire and guide other companies on a similar path.

 

 

How to prepare for ISO certification?

According to Rodrigo Leão, Samplemed’s Operations and Quality Manager, a well-structured Human Resources department is one of the essential starting points. HR serves as the foundation for several of the standard’s mandatory criteria.

 

“One of ISO’s mandatory requirements is having an HR function with established processes for hiring, training, termination, and payroll. You need to demonstrate clear evidence to auditors or certifiers that these processes are in place,” explains Rodrigo.

 

Another critical factor is the preparation time. For Samplemed, the journey toward their first ISO certification took just over a year. The company had to adapt at all levels—something that can’t be forced. The change must be organic and cultural, reaching across the entire operation.

 

 

Quality at the Core

The most recent certification was driven by a strategic partnership with Daryus Consultoria, which helped adapt the security controls to the specific realities of the insurance sector.

 

“Daryus brought more than technical controls; they helped embed security into our corporate culture,” emphasizes Silas Kasahaya, CEO of Samplemed.

 

The ISO/IEC 27001:2022 version introduced significant updates, especially regarding cybersecurity, data privacy, and modern internal control practices. The certification reinforces Samplemed’s commitment to safeguarding sensitive information and its readiness to tackle current technological risks.

 

 

And what about maintenance? Do ISO certifications expire?

Many companies question the validity of ISO certifications. For example, ISO 9001:2015, also obtained by Samplemed, includes the year “2015” not as the certification date but as the latest version of the standard.

 

“People often think that if the number is from 2015, the certificate is outdated. But there’s a global committee that reviews the standards annually. When a new version is released, the company must adapt to it,” Rodrigo clarifies.

 

ISO certifications serve as formal proof of quality and operational efficiency. More than meeting market demands, they demonstrate that a company has mature, traceable, and auditable processes—adding value for both clients and investors.

 

Samplemed’s journey proves that ISO certification isn’t just for large corporations. With planning, expert guidance, and a culture of continuous improvement, companies of all sizes can achieve this international recognition and turn their internal structures into a true competitive advantage.

 

About Samplemed
Samplemed has been providing innovative solutions for the insurance and reinsurance industry for over 35 years, with a focus on intelligent automation in Life and Health underwriting. The innovative SaaS s.360 life underwriting redefines efficiency in risk analysis, bringing cutting-edge technology to support insurers in their mission to provide security and resilience.

 

For more information, visit: https://www.samplemed.com.br

 

About Daryus Consultoria
With over 17 years in the Brazilian market, Daryus Group is a recognized leader in consulting and education focused on Business Continuity, Risk Management, Information Security & Privacy, and Cybersecurity. The company supports both national and multinational organizations across various industries.

 

For more information, visit: https://www.daryus.com.br/consultoria
