In 2018 we started the process of becoming ISO 27001 certified. In this blog we’ll keep you up to speed on how that process is going.
Why ISO 27001?
At CMNTY we take security very seriously. We believe that our community platforms, and the personal data they might host, deserve the highest grade of security. That’s why, for example, we regularly introduce new security- and privacy-related features in our platform, both to ensure maximum security and to allow you to comply with local laws and regulations.
On our corporate website we have compiled a complete list of all the security- and privacy-related measures we offer. Meanwhile, we have been working on becoming ISO 27001 certified as an organization.
Security Management System
ISO/IEC 27001 specifies an information security management system (ISMS) that is intended to bring information security under management control. It has specific requirements. Organizations need to be audited by an independent accredited body to prove they are actually following these requirements.
During the last two quarters of 2018 we implemented the management system and performed a complete internal audit of our organization. Following our internal audit, we invited an auditor to start the external auditing process.
UPDATE: External Audits
In the first week of January 2019 we had a successful external audit, which was performed by BSI Group. The same company will also perform the second part of the audit in mid-February 2019. After the February audit, we expect to be fully ISO 27001 certified, with a certificate being given out at the end of Q1 2019.
Meanwhile, to further improve the protection of our platforms, we implemented a default way to report security incidents, data breaches and vulnerabilities to our security team. You can read more about this in our support article.
Questions About ISO?
If you’d like to speak to someone about our ISO 27001 process, or have other security-related questions, please contact us.