Aiven Blog

Jun 4, 2018

Aiven earns ISO 27001 certification

Aiven is now among the very few DBaaS providers to hold the ISO 27001 certification. Find out the what, how, and why.


Heikki Nousiainen

|RSS Feed

Chief Technology Officer at Aiven

Aiven is committed to providing all of our services with the highest level of information security. As a testament to that promise, we’re proud to announce that our Information Security Management System is now ISO/IEC 27001:2013 certified!

If you'd like to have a look at the certificate, please go to our Security page.

As per standard, we have implemented and operate an Information Security Management System (ISMS) that drives and mandates us to:

  • Systematically and continuously evaluate Information Security risks, considering impact and likelihood of the threats and vulnerabilities,
  • design, implement and operate a comprehensive set of information security controls to address security risks, and
  • have a management process in place to review and assess the performance and the suitability of the Information Security Management System on an ongoing basis.

Now that you have a high-level view of our ISMS and how it pertains to ISO/IEC 27001, let’s briefly cover what ISO and its ISO/IEC 27001:2013 security standard are, and why we underwent certification.

What’s ISO and ISO/IEC 27001:2013?

The International Organization for Standardization (ISO) is an independent, non-governmental organization that,

...develops voluntary, consensus-based and market relevant International ensure quality, safety and efficiency.

Meanwhile, ISO/IEC 27001:2013 is its information security standard providing requirements for implementing and maintaining an Information Security Management System (ISMS). It requires a systematic and continuous risk management process that ensures the confidentiality, integrity and availability of information.

If you meet the requirements, you are able to undergo a certification audit by an independent, accredited certification body. The audit is rigorous, involving,

  1. Documentation, policies and processes review,
  2. Verification of evidence and records, and
  3. Personnel interviews.

But, it doesn’t end with certification. Once certified, you are subject to a three year cycle comprised of two annual surveillance audits and a recertification audit on year three to ensure continued compliance.

Why did we undergo ISO27001 certification?

Although our founders’ backgrounds are in information security, we are acutely aware of customer concerns over the security of their sensitive information—especially when evaluating whether or not to do business with an SME.

Certifying, especially under ISO27001, was not only an opportunity for us to test our knowledge and procedures, but to give current and potential customers confidence that we are capable of providing thorough information security.

Not to mention that the necessary steps to earn certification also help perpetuate a culture where information security is on the mind of everyone in our organization, no matter the role. And believe us, we all care for your information security!

Where is more information and what’s next?

Feel free to check out the certificate on our security and compliance page. As for what’s next, we will continue to uphold our end when managing and protecting your data; with or without certificates.

We will continue to pursue additional certifications to further demonstrate our capabilities and commitment to information security.

Wrapping up

Not using Aiven services yet? Sign up now for your free trial at!

In the meantime, make sure you follow our changelog and blog RSS feeds or our LinkedIn and Twitter accounts to stay up-to-date with product and feature-related news.

Subscribe to the Aiven newsletter

All things open source, plus our product updates and news in a monthly newsletter.

Related resources