Jun 4, 2018
Aiven earns ISO 27001 certification
Aiven is now among the very few DBaaS providers to hold the ISO 27001 certification. Find out the what, how, and why.
Aiven is committed to providing all of our services with the highest level of information security. As a testament to that promise, we’re proud to announce that our Information Security Management System is now ISO/IEC 27001:2013 certified!
If you'd like to have a look at the certificate, please go to our Security page.
As per standard, we have implemented and operate an Information Security Management System (ISMS) that drives and mandates us to:
- Systematically and continuously evaluate Information Security risks, considering impact and likelihood of the threats and vulnerabilities,
- design, implement and operate a comprehensive set of information security controls to address security risks, and
- have a management process in place to review and assess the performance and the suitability of the Information Security Management System on an ongoing basis.
Now that you have a high-level view of our ISMS and how it pertains to ISO/IEC 27001, let’s briefly cover what ISO and its ISO/IEC 27001:2013 security standard are, and why we underwent certification.
What’s ISO and ISO/IEC 27001:2013?
The International Organization for Standardization (ISO) is an independent, non-governmental organization that,
...develops voluntary, consensus-based and market relevant International Standards...to ensure quality, safety and efficiency.
Meanwhile, ISO/IEC 27001:2013 is its information security standard providing requirements for implementing and maintaining an Information Security Management System (ISMS). It requires a systematic and continuous risk management process that ensures the confidentiality, integrity and availability of information.
If you meet the requirements, you are able to undergo a certification audit by an independent, accredited certification body. The audit is rigorous, involving,
- Documentation, policies and processes review,
- Verification of evidence and records, and
- Personnel interviews.
But, it doesn’t end with certification. Once certified, you are subject to a three year cycle comprised of two annual surveillance audits and a recertification audit on year three to ensure continued compliance.
Why did we undergo ISO27001 certification?
Although our founders’ backgrounds are in information security, we are acutely aware of customer concerns over the security of their sensitive information—especially when evaluating whether or not to do business with an SME.
Certifying, especially under ISO27001, was not only an opportunity for us to test our knowledge and procedures, but to give current and potential customers confidence that we are capable of providing thorough information security.
Not to mention that the necessary steps to earn certification also help perpetuate a culture where information security is on the mind of everyone in our organization, no matter the role. And believe us, we all care for your information security!
Where is more information and what’s next?
Feel free to check out the certificate on our security and compliance page. As for what’s next, we will continue to uphold our end when managing and protecting your data; with or without certificates.
We will continue to pursue additional certifications to further demonstrate our capabilities and commitment to information security.
Not using Aiven services yet? Sign up now for your free trial at https://console.aiven.io/signup!
In the meantime, make sure you follow our changelog and blog RSS feeds or our LinkedIn and Twitter accounts to stay up-to-date with product and feature-related news.
Feb 16, 2021
PostgreSQL 13 makes life easier with improvements to indexing, sorting, and vacuuming. Read on to learn how it makes your datasets cleaner and queries faster.
Mar 17, 2021
We don’t like to think about disasters, but sometimes they just happen. Find out how you should prepare your data for the worst, even while hoping for the best.
Chris & James
Sep 27, 2021
Aiven is happy to announce the newest arrival on the OpenSearch scene! Read more about Aiven for OpenSearch® and how to upgrade from Elasticsearch.
Subscribe to the Aiven newsletter
All things open source, plus our product updates and news in a monthly newsletter.