Earlier this week, we gathered customers, partners, and network members for a coffee moment to celebrate an important milestone for ATR: our newly awarded ISO 27001 certification. The event was part celebration, part reflection, and part discussion about how software development continues to evolve as teams move from basic AI assistance toward more advanced, agent driven ways of working.
For those who joined us, and for everyone who was invited but could not make it, here is a short recap of what we covered and why it matters.
Why ISO 27001 and Why Now
ISO 27001 is an information security management standard that focuses on risk based, systematic security practices. These are supported by documented policies, defined roles, measurement, monitoring, and continual improvement, all verified through independent third-party audits.
In our case, the level of security from a technical and practical perspective was already good. Many processes were followed in day-to-day work, but they were not consistently documented, information security objectives were not always clearly defined, and documentation requirements were only partially fulfilled.
Over roughly a year, the journey included:
- A detailed gap analysis
- Writing and reviewing policies and documented processes
- Implementing and updating controls
- Internal training
- A pre audit and final certification audit
Along the way, we learned that since information security documentation is not just about compliance, but about influencing behavior, internal communication is critical. We also learned the importance of balancing security and friction: applying strong controls based on risk while ensuring everyday work remains practical and efficient.
For customers, the outcome is simple. ISO 27001 provides independently verified assurance that information security is handled systematically, reducing supplier risk and making security alignment easier in regulated environments.
Software Development in the Era of AI
The second part of the event focused on how AI is already changing software development. AI is enabling:
- Faster prototyping and iteration
- Earlier detection of bugs, vulnerabilities, and configuration issues
- Improved test coverage and more efficient regression testing
- Faster onboarding of new team members
As a result, developers are spending less time on low level implementation and more time on architecture, threat modeling, reviewing, and guiding solutions.
For us, security comes before speed, because we work with industrial customers and other organizations in regulated domains. At least at this stage, human review therefore remains mandatory. Also automatically monitoring and scanning supply chain risks becomes more critical. AI can pull third party libraries into a project, including components that later turn out to be vulnerable or even malicious.
From an ISO 27001 perspective, AI tools are treated like any other third party service. They require clear policies, defined controls, and regular evaluation.
Where the Industry Is Heading
Looking forward, several trends are becoming evident:
- Agent based AI will require broader access, increasing the need for governance, role-based access control, audit trails, and transparency
- Software security is moving toward an AI versus AI reality, where defenders also rely on AI
- Testing and security are shifting earlier in the development lifecycle
- Natural language interfaces will involve more non developers, increasing demands on maintainability and security practices
AI removes friction from development, but it also makes structured governance and security practices essential.
AI Across the Software Lifecycle
Finally, we looked at how AI impacts the full software lifecycle.
In definition and design, faster iteration through visual demos and user flows makes it possible to align before committing to implementation. In delivery and build, AI assisted development allows teams to focus more on quality, architecture, and risk management. In maintenance and updates, automated testing combined with human review leads to safer, faster, and more predictable upgrades.
Together, these changes make it possible to rethink long held assumptions around cost, quality, and even the buy versus build decision. Previously, there were often good reasons to buy software products instead of building them, as maintenance costs, especially technology upgrades, tended to be high relative to the value they provided. With AI, the delivery of business specific solutions is faster, and maintaining in-house solutions becomes more cost efficient.
As a result, unique in-house software that supports your own processes and builds differentiation becomes relevant again.
Thank You and Happy May Day
Thank you to everyone who joined us to celebrate, ask questions, and share perspectives. The discussions continued well beyond the presentations, which we take as the best possible sign of a meaningful event.
And to everyone else who was invited, we hope this recap gives you a clear picture of what we wanted to share.
Wishing you all a wonderful May Day, and thank you for being part of the journey!
