In the last month, we were audited and certified by an accredited ISO certification body, URS Holdings. The audit took 6 full days to complete as we covered all possible security areas with the auditor, demonstrating successful implementation of ISO 27001 standards.
What is ISO 27001?
ISO 27001 is the leading international standard focused on information security, published by the independent International Organization for Standardization (ISO). This international organization is composed of experts from across the globe working together to develop and publish worldwide technical, industrial and commercial standards that define excellence in innovation.
ISO 27001 specifies the requirements for implementing and maintaining an Information Security Management System (ISMS) to act as a secure framework that can protect organizational information in a systematic and trusted way.
Why did we want to do this?
With the rise in cybercrime such as ransomware attacks in recent years, it is important to place the highest priority on information security. As stated in the most recent Gartner Hot Spots report, cyber vulnerability is one of the most critical risk areas for organizations.
At Open Social we have always taken security seriously, both as a company and as a trusted online community software provider for important multinational organizations such as the UN and Salvation Army. We’ve taken numerous measures over the years to ensure that our online communities stay secure, including making sure client data is handled through encrypted storage and only available over secure connections.
It was important for us, however, to get the ISO 27001 certification to ensure our information security maintains the highest standards. The certification process was long and rigorous; it started in early 2021, as we worked with leading cyber security consultants at Iterasec.
What does being ISO 27001 certified mean?
In short, it means that Open Social has a world-class Information Security Management System in place! Completing the ISO 27001 certification process allowed us to reinforce our existing controls and set up a framework to continuously improve over time.
ISO 27001 certification ensures that we not only have good technical security measures such as encryption, but that we are following leading security practices in our IT infrastructure, production processes, office security, training, risk assessment and much more.
What are the benefits for you?
The ISO 27001 certification is the proof we can hand to you that Open Social is following international information security best practices. It also ensures that:
- Your data is rigorously protected
- We assess, minimize, and eliminate risk and vulnerabilities
- Open Social is compliant with the highest standard for information security
- We have an internal culture of security: employees prioritize information security by design
- There is operational excellence when it comes to our IT, HR, and information processes
At Open Social, we understand that our online community software is an important part of your organization and we take that responsibility very seriously. Everyone at Open Social is committed to protecting your data and we’re extremely proud to have our ISO 27001 certification to prove it.
Security is not a one-time thing and needs continuous attention. Our Security Officer will maintain our ISMS and keep it up to date. We will be performing regular internal audits and the external audit will be repeated annually.
We will keep talking to our clients about other security standards that are important to them and continue to work toward getting any additional security accreditations necessary.
Do you want to learn more about the ISO 27001 certification and how it helps us keep your online community secure and protect your members’ data? Join our upcoming webinar on community security with Iterasec CEO Igor Kantor.