Continuing our commitment to protect our customers’ data
What is ISO 27001?
ISO 27001 is an internationally recognized standard defining requirements for a systematic approach to managing sensitive information, also known as an information security management system (ISMS).
But what’s an ISMS?
Think of an ISMS as the blueprint for how we identify, assess, and act on or manage risk. Through our ISMS, we employ functionally verifiable processes to protect your data and our services.
So why does ThreatConnect follow ISO 27001?
ISO 27001 is the gold standard for risk management. It’s both specific and comprehensive. When implementing a security program, it’s important to select effective and appropriate security controls. A security program needs to be adaptable and extensible to address changing technologies, industries, and threats. It also needs to be verifiable. The ISO 27001 standard defines a well-understood process that trusted auditors use to examine a submitted ISMS and certify that it conforms to the gold standard.
What does it mean to be certified?
Certification provides verifiable third-party proof of compliance with the standard and guarantees that we have accomplished the following objectives:
- formally adopted a risk management approach;
- assessed our information security risks according to this approach;
- selected an appropriate set of security controls to mitigate these risks;
- implemented appropriate methodologies and processes to continually monitor and improve the system and its controls;
- performed an internal audit of the ISMS;
- received favorable results from an audit of the ISMS against the ISO 27001:2013 standard by an ISO-accredited third party.
Certification itself doesn’t change our ISMS or security practices. It doesn’t mean we protect your data any differently than before. It does mean, however, that you can be confident in our security practices. We’ve not only let an internationally recognized third party examine them, but we’ve also committed to improving those practices on an ongoing basis.
What does it mean for our customers?
ThreatConnect has always been committed to securing customer data. While we didn’t have to submit our ISMS for certification, we chose to do so to provide our customers with additional confidence in our commitment to them. Because we follow the ISO 27001:2013 standard, we understand the risks to the data they entrust us with, as well as to our services, and have implemented controls to manage those risks.
Trust is earned, and we understand this. It’s ThreatConnect’s commitment to continue to show that your trust in us is well founded. For more information about ThreatConnect or our security program, please connect with us.
(Configuration, management, support, and delivery activities related to cloud systems supported by Amazon RDS)