Talking the talk and walking the walk are two very different things. In the digital world, there aren’t many topics that are more important than security, privacy, and compliance. They’re not something you want to brag about unless you’re truly doing what it takes.
Email on Acid and InboxReady by Sinch are proud to announce that we’ve taken steps to back up and prove our dedication to providing customers with a secure platform that focuses on data privacy, including GDPR compliance.
Great question. It involves some industry audits and international certifications that evaluate our security programs, processes, and preparedness:
- ISO 27001 and ISO 27701
- SOC 2 Type I audit
No matter who you work with, these certifications and audits are a sign of a technology partner you can trust. To explain exactly why, let’s take a closer look at what goes into getting certified as well as passing security and compliance audits.
What is ISO 27001?
There’s a good chance you’ve heard of ISO standards before. The International Standards Organization is a global, non-governmental organization that defines, develops, and publishes all sorts of standards.
That could include sustainability standards such as net zero emissions. A fairly well-known standard is ISO 9001, which certifies quality management processes.
ISO 27001 focuses on information security standards.
We pursued and achieved this certification because it shows competence and indicates that a reliable information security program is in place. To be more specific, ISO 27001 certifies the following:
- Customers are being protected and informed through confidentiality, integrity, and the availability of attack data.
- Our program aligns with more than 140 controls to identify, investigate, and act on potential security incidents.
- Annual risk assessments are completed to ensure threats are handled properly.
For us to earn an ISO 27001 certification, independent auditors test our information security program against all those controls. That means we need to clearly identify risks, set clear objectives on what needs to be achieved with information security, and define the safeguards and mitigation efforts that will handle the risks.
Plus, ISO 27001 requires that we show how we regularly measure our information security controls and that we are continuously working to improve security.