Maintaining Trust With ISO-Certified Information Security
Among the many aspects that make software important and usable, one of the most critical is how secure it is. If a software vendor promises to protect the data and assets of its customers, information security should be at the top of its to-do list when developing and maintaining that software.
This year, following the three-year renewal period from our initial certification in 2019, Semantic Web Company (SWC) has ticked this box by re-obtaining the ISO 27001 certification for the PoolParty Semantic Suite.
What is ISO 27001?
ISO 27001 is one of the most recognized security certifications in the industry. Its standards “enable organizations of any kind to manage the security of assets such as, [but not limited to] financial information, intellectual property, employee details or information entrusted by third parties.”
The ISO framework allows organizations to protect their information in a systematic way, so that managing information assets is both cost-effective and secure. While “information assets” encompasses many activities and business objects, some common categories include:
- Employee information
- Customer records
- Intellectual property
- Legal documents
- Product specifications
- Operational procedures
To ensure that these assets are managed well, ISO 27001 defines a set of policies and processes that certified organizations must maintain in the workplace on a regular basis. On a “smaller”, individual scale, this includes strong password protection, locked items in the office, up-to-date anti-virus protection, attention to suspicious emails, etc. On an organizational level, information security managers must create security policies and processes and review, improve, and audit the information security management system.
Since the ISO standard covers numerous stringent security requirements, obtaining the certificate is an arduous process.
What goes into the ISO 27001 certification?
First and foremost, getting (re)certified – in our case – means applying these standards to our daily operations. Employees are regularly reminded to follow the policies set by the IT department, and the office space is kept in the right conditions.
Our company culture ensures that security best practices are lived every day by the staff.
On an annual basis, we also receive a surveillance audit to review the company’s performance and check that we are maintaining our pledge to be secure. Once the full audit comes around (every three years), a thorough analysis of our company and our practices is conducted.
The auditors review the policies and procedures outlined by the security management team, then check whether we are performing them correctly. This includes having clean, succinct documentation, an organized ticketing system for internal change requests, security trainings, etc.
Auditors look at these pieces relevant to the ISO 27001 certification and inspect the physical premises of the office. They select employees at random and interview them on their knowledge of the security topics, which reflects the training they have received throughout the year and their general application of the standards.
Human Resources and Product Development were also included in the audit, to review the standards with regard to managing personal employee information and the security precautions outlined in the software development lifecycle of the PoolParty Semantic Suite.
Altogether, this extensive audit checks that we are performing to the ISO 27001 standards, and we are proud to say that being certified again this year proves exactly that.
Why does it matter? Building trust with ISO.
The ISO 27001 certification requires a lot of work and attention to detail, as is clear from the strenuous process of maintaining it. The reason we ensure that we comply with the ISO standards is that we want to live up to our promise that our products and our handling of our customers’ sensitive data are protected.
In the past year, we have conducted our own analysis of RFIs by prospects and customers, and found that security is one of the most important topics for people reading our Help documentation. So much so, in fact, that our Technical Documentation team at SWC has overhauled the Help’s Table of Contents to include nearly 50 new chapters dedicated to security and user management (for an idea of what this looks like, see Senior Technical Writer Monika Balogh’s dizzying screenshot of the workflow). Our team of Technical Writers is busy prioritizing updates to chapters pertaining to information security and adding new material (written and visual) to ensure this topic is documented as well as possible. The Help is available on our website.
Within our company, these measures give security to employees, and outside of the company, they give security to our customers. Customers and partners of SWC can feel certain that their assets are being managed correctly and with their best interests in mind.
Because we take the ISO standards – and by extension, our information security management – very seriously, confidential material in the legal sense (i.e. contracts) is maintained in a controlled space, and sensitive data within the PoolParty software is not at risk of being compromised. Our own product development lifecycle follows specific protocols to eliminate gaps in security. You can read more about security in the PoolParty Semantic Suite in our free whitepaper.
On top of our internal workspace, we also prioritize working with suppliers who are themselves ISO certified. In this way, we facilitate and benefit from an ecosystem of ISO-certified service providers who all maintain standards of security.
Among our community of semantic web technology vendors, we are proud to say that we lead our industry with the ISO 27001 certification. By continuously pursuing our information security management goals through the ISO 27001 certification, the Semantic Web Company proves that we are committed to serving partners and customers with the most complete and secure semantic middleware on the market.