We are happy to announce that Safetica has upheld its ISO 27001 re-certification.

This certification is essential for many reasons. ISO 27001 is a set of standards developed to handle information security. The framework comprises several policies and combinations designed to protect our information systematically and cost-effectively.

The main focus of ISO 27001 is to prevent security incidents, as any incident could lead to a financial penalty. The way to assess risk is by first finding what problems could happen to our data and then defining what we can do to prevent that from happening. Taking these measures to avoid incidents saves time and money and reduces risk.

A company that follows ISO 27001 aims to protect three aspects of information:

  • Confidentiality: only authorized persons have the right to access information
  • Integrity: only authorized persons can change the information
  • Availability: information must be accessible to authorized persons whenever it is needed

We do this by following the ISO 27001 controls (also known as safeguards). To become certified, we need to show how these safeguards are implemented across different areas of the company. Here are a few examples:

  • Technical – Backups, firewalls
  • Organizational – Access Control Policy, BYOD Policy
  • Legal – NDA (non-disclosure agreement), SLA (service level agreement)
  • Physical – CCTV cameras, locks
  • Human resources – Internet Security training, ISO 27001 internal auditor training

 

By accomplishing this re-certification, Safetica proves to its customers and partners that we follow the best practices in safeguarding their data. But most importantly, it shows that we are committed to providing a clear, structured, and smart path to keeping data safe and secure.

Our Chief Information Security Officer, Radim Trávníček, has prepared the following statement:

At Safetica, we understand that data and information protection is a complex and robust area. Because of that, Safetica runs its own security program based on the international standard ISO/IEC 27001, with a strong focus on protecting our own data and our clients' data.

We passed through an independent certification security audit at the beginning of September. This was a re-certification audit, and we are happy to announce that we successfully defended our ISO 27001 certificate. We have achieved this certificate for three years, proving the high level of information security of our products and our company.

But the main goal of our security program is not achieved with new certificates. Information Security is a never-ending activity, and we understand this very well. Due to that, we are continuously monitoring new threats and vulnerabilities and taking appropriate security controls to minimize security risks.

We also started implementing new requirements of the updated ISO 27002. The new requirements will be placed on all companies with ISMS implemented until the end of this year (when the latest version of ISO 27001 is published). Finally, we go beyond this by starting the activities for getting the certification for ISO 27017 – Information Security for Cloud services.


Author
Safetica team
