How we helped 1928 Diagnostics certify to ISO 27001

1928 Diagnostics develops and markets a cloud-based service for advanced DNA analysis of infectious bacteria, viruses and fungi. Since the customers are in the healthcare sector, where the requirements for information security and confidentiality are high, the company's management decided in 2021 to certify its management system against ISO 27001. Due to the covid situation at the time, the assignment was carried out entirely remotely.

Gothenburg-based 1928 Diagnostics uses advanced DNA analysis to map outbreaks and antibiotic resistance in hospitals. The hospitals take samples from patients with infections and then analyze them in their sequencing machines. The result is a raw data file that 1928 Diagnostics analyzes to determine which pathogens are involved, how virulent they are, whether they carry antibiotic-resistant genes, and whether there are different variants of the organisms.

The latter can be used to find out, for example, whether an outbreak started in a particular ward of a hospital or came from outside. In the latter case, there is no need to carry out extensive and expensive decontamination, which means major savings for the customer in question.

High requirements for information security

The tool used by 1928 Diagnostics is based on an innovative cloud solution, where customers can easily upload their analysis data and get quick answers. The requirements for security and confidentiality are very high, as the customers are in the healthcare sector.

– We provide a cloud service that processes personal health data, so it is both a contractual requirement from our customers that we should be able to protect their information and a competitive advantage in the market, says Susanne Staaf, CEO and co-founder of 1928 Diagnostics:

– The easiest way to meet the security requirements was to certify to the ISO 27001 standard, which also matches the US SOC requirements for information security.


Implementation of ISO 27001

The management of 1928 Diagnostics added internal resources to implement ISO 27001, but to ensure effective implementation, they also decided to hire a qualified consultant. After a thorough evaluation of the various options, CANEA was chosen as the supplier with Nicolas ter Wisscha as the management consultant.

– The decision was based on CANEA's proven experience and expertise in designing and implementing management systems based on the requirements of various standards, in this case ISO 27001, Susanne recalls.

1928 Diagnostics conducted a review of how they work and then built a system that supports the company's processes. This means that they can now visualize the work with information security, which in turn facilitates internal communication. Employees have gained a better understanding of their respective roles and how the business works.

– This work highlighted things that we already knew, such as that we were very dependent on our cloud provider. We have therefore started work on how to reduce that dependence, even though it is not the easiest thing to do. We have also had to polish some things in terms of data security, even though most of it was already in place, says Susanne.


The project was successful and resulted in 1928 Diagnostics achieving ISO 27001 certification within budget and within the specified timeframe of the assignment. It also led to several process improvements and a clearer and more effective management process. CANEA has continued to support 1928 Diagnostics' management with consulting expertise, internal audits, etc.

– We are very satisfied with the consultant's knowledge in terms of ISO 27001, data security and the technical aspects, which allowed us to have a very good communication. CANEA has helped us with the administration and to set up an Excel sheet for risk management and ensured that we had structures and established effective working methods. We are very satisfied, concludes Susanne Staaf.

Summary of what CANEA has done

  • Facilitated workshops and working meetings to identify and analyze risks.
  • Conducted practical tests of the business continuity plan.
  • Quality assured documentation.
  • Worked on strategic issues related to the company's management system.

”We are very satisfied with the consultant's knowledge in terms of ISO 27001, data security and technical aspects, which allowed us to have a very good communication.”

Susanne Staaf, CEO/Founder 1928 Diagnostics 

Interested in knowing more?

We create the right conditions for a vibrant management system with better opportunities to realize the strategy and increase profitability.