We are excited to announce we have recently been certified to ISO 27001.
The world’s leading standard for information security management systems (ISMS), ISO 27001 contains a set of high-level standards for handling information securely.
Propel chose to pursue this rigorous certification process because we know how important information security is to our business and our clients.
But simply knowing this and having some well-intentioned processes in place isn’t enough. We wanted to make sure we are highly diligent in securing our internal information, as well as protecting our clients' information when entrusted to us.
That means adopting best practice in those areas, and there's nothing better than aligning to the global gold standard for information security – ISO 27001.
It wasn’t a matter of ticking a few boxes and paying a registration fee. The whole process took us 9 months to complete.
The cornerstone of ISO 27001 is the assessment and management of risk. This means checking and creating an information security management system to ensure the confidentiality, integrity and availability of information. And it’s not only about how technology handles information, but how people and processes within our business ensure that information is kept secure.
Only businesses that can prove to an external auditor that they have excellent controls for data security, risk assessment, and information management are eligible to receive ISO 27001 certification.
Here are a few things we implemented:
Ultimately, this certification demonstrates our commitment to information security, compliance, and regulation practices.
Our aim is to give our clients confidence that we use advanced systems and processes to ensure that all information we receive, track, or share is treated with the highest standards of security and confidentiality. We protect the integrity of all data and associated processes so that our clients can trust our services. What’s more, we have a culture of information security, ensuring our team is aware of its importance at all times.
There’s another big benefit of the certification for our clients, which has to do with secure development.
Secure development is about the development practices that ensure we are thinking about information and security as we build systems, and validating as we go along.
When we start to build applications for our clients, we are thinking about information security from the perspectives of:
As a reminder, we have embedded a security checkpoint in our story life cycle. Here we prompt ourselves on the impact on confidentiality, integrity and availability of information.
Going through the ISO 27001 certification process has helped us achieve a state where we can have confidence in how we manage our information. More importantly, it has created a security mindset across the entire team that we are seeing our customers benefiting from already.
Information security is constantly evolving, and our certification puts us in the best position to stay on top of these changes. Auditing our processes at least every year will help us to maintain and improve our information security so our clients can always trust our services.