06-26-18 | Blog Post

Online Tech certified as ISO 27001 compliant


We’re very excited to announce that each of our five data centers, as well as our headquarters, is officially certified as ISO 27001 compliant! We received the good news from our auditors this month. The entire process took about four months, much faster than we or our auditors expected.

What is ISO 27001

What’s so special about this? What is ISO 27001, anyway?

Well, ISO 27001 is one in a set of standards that specifically outlines the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. There are about a dozen standards in the ISO 27000 family, but 27001 is what’s known as a management standard–meaning you can be certified against it.

There are 14 specific controls the ISMS must meet in order to be certified as compliant, listed below:

  1. ISMS scope
  2. Information security policy
  3. Information risk assessment process
  4. Information risk treatment process
  5. Information security objectives
  6. Evidence of the competence of the people working in information security
  7. Other ISMS-related documents deemed necessary by the organization (optional?)
  8. Operational planning and control documents
  9. Results of information risk assessments
  10. Decisions regarding information risk treatment
  11. Evidence of monitoring and measurement of information security
  12. ISMS internal audit program and its results
  13. Evidence of top management reviews of ISMS
  14. Evidence of nonconformities identified and corrective actions arising

We are very pleased that we have passed each of these controls with no exceptions, meaning the auditor had no suggestions for improvement to meet the standard. We firmly believe in a company-wide culture of compliance, and it’s rewarding to see that culture reflected by way of our successful audit(s)!

We’re also compliant with HIPAA, PCI, SOC 1 and 2, and EU-US Privacy Shield. Want to learn more? Visit our compliant hosting page or simply contact us to talk with one of our compliance experts!
