At Tresorit, our mission is to make privacy and security available to people and businesses, and to keep their data safe in the cloud. In line with this goal, we aimed to get ISO 27001:2013 certification to further demonstrate our commitment to information security to our customers.
To achieve the certification, Tresorit’s security compliance was validated by an independent audit firm, a member of the internationally trusted TÜV Rheinland Group, after a rigorous process of demonstrating an ongoing and systematic approach to managing and protecting company and customer data securely.
As a company with security at our heart, we consider this milestone very important. Led by our Information Security Officer, Zoltán Horváth, almost every team in the company – including IT, Engineering, Infrastructure, Sales, Marketing and the entire Executive staff – came together to get this job done.
What is ISO 27001?
ISO 27001 is one of the most widely recognized and internationally accepted information security standards. It’s one of the few standards that uses a top-down, risk-based approach to evaluation. It identifies requirements and specifications for a comprehensive Information Security Management System (ISMS) defining how an organization should manage and treat information more securely, including applicable security controls.
What did we have to do to get the certification?
As a first step, we had to get commitment from our top management to ensure success. We then identified internal and external issues and stakeholders to ensure all expectations were considered for the scope of the ISMS. Following this, we established risk management and had to assess and treat risks. Based on the output, appropriate organizational policy and/or technical controls had to be implemented. Finally, we performed an internal audit and carried out a management review. Once everything was in order, we had to find an appropriate certification body that fitted our business profile to carry out the audit.
What is the scope of our ISMS?
Our ISMS covers sales, development, maintenance and support of our end-to-end encrypted cloud services.
Why is it important for our customers?
This certification is additional proof of our commitment to information security. It plays a crucial role in assuring our customers that we take all necessary steps to keep their data in the cloud safe, secure, and accessible.
How will this impact our customers?
The services we provide to our customers will not be impacted. This certification is a security credential for your reference.
About the author
Zoltan held various compliance assurance, information security, audit, and operation support positions at IBM before joining us as Information Security Officer. Now he is working on further improving our internal security policies as part of our ISO 27001 certification process.