Resources

ISO 27001 Certification

Aptible has achieved ISO 27001 certification. Learn what this means and how software development teams can get certified.

ISO 27001 is a security management standard that specifies the requirements and best practices for how an organization should run its information security management system (ISMS). Aptible has achieved ISO 27001 certification, which means that we have established the security controls and practices necessary to keep customer data safe.

Download the Aptible ISO 27001 Certificate here.

ISO 27001 Requirements

The heart of ISO 27001 is establishing holistic practices for securely managing data across an organization. The organization is responsible for creating a centralized information security governance structure that:

  • Determines what should be included within the ISMS and subject to specific rules and requirements
  • Defines roles and responsibilities for maintaining the ISMS
  • Plans security initiatives
  • Undertakes risk management
  • Monitors overall security
  • Improves the security management system

ISO 27001 for Software Development Teams

Software development teams that want to achieve ISO 27001 certification generally must:

  • Proactively manage risk, instead of just reacting to bad things as they happen
  • Plan ahead for security and set appropriate security improvement goals
  • Write down the rules for how security is supposed to work (aka “policies and procedures”)
  • Train workforce members on those rules, with advanced training for those with more security responsibilities
  • Train for and respond to security and availability incidents, including breaches

Please get in touch if you want to begin preparing for ISO 27001 certification, or need assistance with any other security framework.

More ISO 27001 Certification Resources

Defense in Brief

Sign up to get the best in security and compliance delivered monthly.

From the Blog

Recap: Aptible January 2018 Quarterly Product Update Webinar

Elissa Shevinsky on January 30, 2018

In case you missed it, you can watch a recording of our January webinar below. You can also grab the transcript and the slide deck in our resources section. We provide a full recap of the event in this post.

Read more

Meltdown and Spectre are Critical Vulnerabilities for Cloud Infrastructure. Here’s How the Aptible Security Team Responded

Frank Macreery on January 10, 2018

Meltdown is a critically important vulnerability for any PaaS provider. This post details why that's the case, how Aptible responded to Meltdown and, more broadly, how Enclave is architected to protect against these sort of vulnerabilities by default.

Read more

Recap: Aptible October 2017 Quarterly Product Update Webinar

Henry Hund on October 26, 2017

Quick recap of Aptible's October quarterly product update and all that's new with Enclave and Gridiron.

Read more