We are proud to inform you that as of March 1st, 2019, CMNTY Corporation is accredited with an ISO 27001:2013 certification. The process started in early 2018 and touched on every aspect of our product and organization.
What is ISO 27001?
ISO 27001 is an information security standard published by the International Organization for Standardization (ISO). ISO 27001 specifies an information security management system (ISMS) that is intended to bring information security under management control and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.
Why CMNTY Corporation Wanted to Become ISO 27001 Certified
At CMNTY we take security very seriously. We believe that our community platforms, and the personal data they might host, deserve the highest grade of security. That’s why we regularly introduce new security- and privacy-related features in our platform: to give our clients full control over security, but also to enable them to comply with local laws and regulations. We’ve compiled a complete list of all security- and privacy-related measures here.
Now of course we can tell you we do our best, but we think there is great value in providing you with proof as well. That’s why we have been working on becoming ISO 27001 certified.
The Path to Certification
During the process of describing our organization and creating transparency in our business processes, we assessed whether sufficient (control) measures and resources (people, education, devices, IT infrastructure, etc.) were in place. We did this so we could control or mitigate the risks that followed from our stakeholder, context, and information security risk analyses.
Measures and Periodic Reviews
In the areas where measures and resources proved to be insufficient, we have taken additional procedural, organizational and technical measures or provided the necessary resources. During periodic reviews we evaluate whether the management system is still capable of mitigating and controlling these risks and whether the provided resources are sufficient to meet these goals.
Following the setup of this system we performed internal audits. Next, we invited an external auditor of BSI Group to start the external auditing process. This auditing process took a full 3 days and was successfully completed in February 2019. Find us in their certificate client directory.
Of course, organizational security measures are not a one-time thing and need continuous attention. Because of this, our security officer will perform regular internal audits to make sure we stay aligned with the ISMS. Also, the auditing process will be repeated annually.
Meanwhile, we keep talking to our clients about which other security standards are important to their business, and we will keep investigating whether it makes sense to become accredited for other standards as well.
Questions About ISO?
If you’d like to speak to someone about ISO 27001, or if you have other security-related questions, please contact us.