Aiven is now among the very few DBaaS providers to hold the ISO 27001 certification. Find out the what, how, and why.
Heikki Nousiainen
|RSS FeedChief Technology Officer at Aiven
Subscribe for the latest news and insights on open source, Aiven offerings, and more.
Aiven is committed to providing all of our services with the highest level of information security. As a testament to that promise, we’re proud to announce that our Information Security Management System is now ISO/IEC 27001:2013 certified!
If you'd like to have a look at the certificate, please go to our Security page.
As per standard, we have implemented and operate an Information Security Management System (ISMS) that drives and mandates us to:
Now that you have a high-level view of our ISMS and how it pertains to ISO/IEC 27001, let’s briefly cover what ISO and its ISO/IEC 27001:2013 security standard are, and why we underwent certification.
The International Organization for Standardization (ISO) is an independent, non-governmental organization that,
...develops voluntary, consensus-based and market relevant International Standards...to ensure quality, safety and efficiency.
Meanwhile, ISO/IEC 27001:2013 is its information security standard providing requirements for implementing and maintaining an Information Security Management System (ISMS). It requires a systematic and continuous risk management process that ensures the confidentiality, integrity and availability of information.
If you meet the requirements, you are able to undergo a certification audit by an independent, accredited certification body. The audit is rigorous, involving,
But, it doesn’t end with certification. Once certified, you are subject to a three year cycle comprised of two annual surveillance audits and a recertification audit on year three to ensure continued compliance.
Although our founders’ backgrounds are in information security, we are acutely aware of customer concerns over the security of their sensitive information—especially when evaluating whether or not to do business with an SME.
Certifying, especially under ISO27001, was not only an opportunity for us to test our knowledge and procedures, but to give current and potential customers confidence that we are capable of providing thorough information security.
Not to mention that the necessary steps to earn certification also help perpetuate a culture where information security is on the mind of everyone in our organization, no matter the role. And believe us, we all care for your information security!
Feel free to check out the certificate on our security and compliance page. As for what’s next, we will continue to uphold our end when managing and protecting your data; with or without certificates.
We will continue to pursue additional certifications to further demonstrate our capabilities and commitment to information security.
Not using Aiven services yet? Sign up now for your free trial at https://console.aiven.io/signup!
In the meantime, make sure you follow our changelog and blog RSS feeds or our LinkedIn and Twitter accounts to stay up-to-date with product and feature-related news.
