Today we’re proud to announce that Cogendo has been certified for compliance with the ISO 27001 information security standard.
What is ISO 27001?
ISO 27001 is the international standard for information security management. It specifies a set of best practices and controls for information management.
This means that as an organisation we have:
- Examined our information security risks.
- Designed a set of security controls to mitigate these risks.
- Put in place a documented Information Security Management System (ISMS) that not only ensures that we’re doing the right things today, but that we’ll continue to do them, and monitor our performance.
- Conducted an internal audit of the above to test for conformity.
- Undertaken two audits conducted by an ISO-accredited independent certification body to test for conformity.
But it doesn’t end there! Although our certificate is valid for three years, we will have annual surveillance audits, where the certification body ensures that we are maintaining our good practices, and have processes in place to ensure that we’re continually improving our ISMS. After three years we’ll go through another full audit, to earn a certificate for another three years.
How Does This Affect Cogendo?
We have always taken data security and privacy very seriously at Cogendo, so formalising our existing practices was the natural thing to do. Now that Cogendo has formally adopted a broad set of security best practices, this certification confirms our ongoing commitment to the security, confidentiality, and high availability of our services.
It’s important to understand that ISO 27001 isn’t just a ‘one-off’ audit, but an ongoing and monitored process of continuous improvement, review, and engagement with security standards and processes.
What Does This Mean for Our Customers?
You have an assurance that we are operating in a professional manner that highly values security and is compliant with an internationally recognised standard, which has been audited by an accredited third party. This certification also provides additional clarity and assurance to you when evaluating the quality, breadth, and strength of our security practices.
If you have any questions about ISO 27001, our certification, or our Information Security Management System (ISMS), please don’t hesitate to get in touch with our Data Protection Officer at firstname.lastname@example.org.