Aiven is committed to providing all of our services with the highest level of information security. As a testament to that promise, we’re proud to announce that our Information Security Management System is now ISO/IEC 27001:2013 certified.
As per the standard, we have implemented and operate an Information Security Management System (ISMS) that drives and mandates us to:
- Systematically and continuously evaluate information security risks, considering the impact and likelihood of threats and vulnerabilities,
- Design, implement and operate a comprehensive set of information security controls to address those risks, and
- Have a management process in place to review and assess the performance and suitability of the Information Security Management System on an ongoing basis.
Now that you have a high-level view of our ISMS and how it pertains to ISO/IEC 27001, let’s briefly cover what ISO and its ISO/IEC 27001:2013 security standard are, and why we underwent certification.
What’s ISO and ISO/IEC 27001:2013?
The International Organization for Standardization (ISO) is an independent, non-governmental organization that "...develops voluntary, consensus-based and market relevant International Standards...to ensure quality, safety and efficiency."
Meanwhile, ISO/IEC 27001:2013 is its information security standard providing requirements for implementing and maintaining an Information Security Management System (ISMS). It requires a systematic and continuous risk management process that ensures the confidentiality, integrity and availability of information.
If you meet the requirements, you can undergo a certification audit by an independent, accredited certification body. The audit is rigorous, involving:
1. Documentation, policies and processes review,
2. Verification of evidence and records, and
3. Personnel interviews.
But it doesn't end with certification. Once certified, you enter a three-year cycle consisting of two annual surveillance audits and a recertification audit in the third year to ensure continued compliance.
Why did we undergo ISO27001 certification?
Although our founders’ backgrounds are in information security, we are acutely aware of customer concerns over the security of their sensitive information—especially when evaluating whether or not to do business with an SME.
Certifying, especially under ISO27001, was not only an opportunity for us to test our knowledge and procedures, but also a way to give current and potential customers confidence that we are capable of providing thorough information security.
Not to mention that the necessary steps to earn certification also help perpetuate a culture where information security is on the mind of everyone in our organization, no matter the role. And believe us, we all care for your information security!
Where is more information and what’s next?
Feel free to check out the certificate on our security and compliance page. As for what's next, we will continue to uphold our end when managing and protecting your data, with or without certificates.
That said, we will continue to pursue additional certifications to further demonstrate our capabilities and commitment to information security. To that end, our next certification process will be for SOC 2.
Stay up to date with us through our RSS feeds for our blog and/or changelog to learn when that and other big news happen; likewise, you can follow us on Twitter or LinkedIn. In the meantime, check out our certificate here.