Aptible logo
Sign up for free

ISO 27001 Certification

ISO 27001 is a security management standard that specifies the requirements and best practices for how an organization should run its information security management system (ISMS). Aptible has achieved ISO 27001 certification, which means that we have established the security controls and practices necessary to keep customer data safe.

Download the Aptible ISO 27001 Certificate

ISO 27001 Requirements

The heart of ISO 27001 is establishing holistic practices for securely managing data across an organization. The organization is responsible for creating a centralized information security governance structure that:

  • Determines what should be included within the ISMS and subject to specific rules and requirements

  • Defines roles and responsibilities for maintaining the ISMS

  • Plans security initiatives

  • Undertakes risk management

  • Monitors overall security

  • Improves the security management system

ISO 27001 for Software Development Teams

Software development teams that want to achieve ISO 27001 certification generally must:

  • Proactively manage risk, instead of just reacting to bad things as they happen

  • Plan ahead for security and set appropriate security improvement goals

  • Write down the rules for how security is supposed to work (aka “policies and procedures”)

  • Train workforce members on those rules, with advanced training for those with more security responsibilities

  • Train for and respond to security and availability incidents, including breaches

Please get in touch if you want to begin preparing for ISO 27001 certification, or need assistance with any other security framework.