3 min

Allego and Kiwa – securing a cleaner, greener world

Founded in 2013 in the Netherlands by grid operator Alliander, Allego is the leading European public Electric Vehicle (EV) charging network, built to create and promote a world where everyone drives electric.

As the market matured and data flows became more complex, the growing company moved into the commercial sector. It now delivers its reliable, accessible charging solutions to companies and consumers throughout Europe, and is listed on the New York Stock Exchange.

Allego’s vision is a zero-emission environment where anyone with an electric car, bus, or truck can charge whenever and wherever they need to. Its international network extends to more than 28,000 public charging ports and will soon reach one billion charging sessions per month.

This fast-growing business generates a vast amount of financial and personal data: to demonstrate its commitment to the highest standards of information security management, Allego has achieved ISO 27001 certification throughout its operations, in an ongoing partnership with Kiwa.

A key player in the EV market

Allego’s physical and data infrastructure, scalability, and seamless charging experience are the key to a cleaner, greener future.

It’s active in fourteen countries, delivering charging that can be used by any electric vehicle and every EV driver, and connecting its smart charging solutions to its EV-Cloud to support flexible services that meet the needs of each local market. As well as selling and managing charging points for commercial locations such as hotels and restaurant chains, Allego has its own branded units in busy locations.

From regular overnight charging to ultrafast units, when there’s always a charger nearby the freedom of electric driving is equally available for longer journeys and short trips around town.

Data, data, and more data

Every public charger session produces data, depending on ownership, user, and location.

When someone uses a charger with a swipe or debit card, the session generates payment and card details and energy used. Where charging points are sited at supermarkets, reimbursement to the operator and the location owner creates a double data flow. In the case of car leasing with home chargers, the lease company is invoiced for the electricity, and the homeowner is reimbursed.

Allego-car-charging.jpg

These different models and patterns of use generate complex data flows. Thousands of endpoints and connections must be secured against daily attack, including charging stations, offices, devices, cloud-based back offices, and portals for companies, locations, and fleets.

And the risks are not confined to data, functionality, and communications. As the number of chargers grows, malicious action could impact transport and the supply chain or threaten the electricity grid itself.

ISO 27001 is the international standard for information security. Alongside its brand values and reputation, certification formalises an organisation’s commitment to quality and reassures stakeholders that everything is in order and constantly reviewed, tracked, monitored, and updated. This confidence is invaluable for marketing and building trust.

Allego’s ISO 27001 status demonstrates that its services, personnel, and processes comply with relevant laws and regulations, and provides objective evidence of its security procedures.

Allego and Kiwa – perfectly aligned

The partnership with Kiwa began during Allego’s early days as a no-frills charge point operator and follows the three-year ISO 27001 certification life cycle and the mandatory audit process.

The first-year (initial) audit ensures the company aligns with certification guidelines. This is followed by regular monitoring, training, security challenges, and testing. After the final year closing audit, the cycle begins again.

Allego is also certified for ISO 14001, ISO 9001, and ISO 45001, and there’s a focus on creating efficiencies by aligning the high-level structure (HLS) of different schemes and protocols.

Jeroen de Kuijer, Allego’s Director of Internal Audit, has worked with Kiwa from the start and sees it as a productive and complementary relationship: “Kiwa and Allego are both flexible, rapidly evolving businesses, with a mutual understanding of change and a commitment to respect bureaucracy in the context of growth and innovation.

“Kiwa’s outstanding technical, legal, and regulatory knowledge assures us of an impartial and thoroughly-grounded evaluation, and we appreciate the proactive support and teamwork they provide throughout each certification period."

“Their agile and responsive approach is in line with our own. We like how they combine meticulous analysis with short lines of communication and openness to change, defining and implementing a new, detailed plan each year.”

The ISO 27001 cycle

ISO 27001 is the international standard for information security. Certification is recognised worldwide and provides a framework for operating, monitoring, and improving information security management systems (ISMS) via personnel, technology, and processes. It defines best practice, and formalises and centralises policy and systems, creating trust, and managing risk.

By basing processes on risk assessment and analysis, ISO 27001 helps to streamline systems, control costs, and flag up duplicate actions and incompatible technology. Benefits for the wider organisation include universal awareness of risk and best practice, identification of Inefficiencies and knowledge gaps, and better employee engagement.

Almost any kind of information or format can be included: intellectual property, commercial secrets, designs and drawings, paper documents, images, financial information, personal information, and data on devices, in back-up systems, and in the cloud.

ISO 27001 is complemented by ISO 27002, a set of closely-linked practical ISMS guidelines recently simplified to four themes: People, Physical, Technology and Organisation.

ISO 27001 certification lasts for three years, and the standards themselves are regularly reviewed and updated.