ISO 27001 is an information security management standard that specifies the requirements and best practices for how an organization should run its information security management system (ISMS). Aptible has achieved ISO 27001 certification, which means that we have established the security controls and practices necessary to keep customer data safe.
The heart of ISO 27001 is establishing holistic practices for securely managing data across an organization. The organization is responsible for creating a centralized information security governance structure that:
Determines what should be included within the ISMS and subject to specific rules and requirements
Defines roles and responsibilities for maintaining the ISMS
Plans security initiatives
Undertakes risk management
Monitors overall security
Improves the security management system
Software development teams that want to achieve ISO 27001 certification generally must:
Proactively manage risk, instead of just reacting to bad things as they happen
Plan ahead for security and set appropriate security improvement goals
Write down the rules for how security is supposed to work (aka “policies and procedures”)
Train workforce members on those rules, with advanced training for those with more security responsibilities
Train for and respond to security and availability incidents, including breaches
Please get in touch if you want to begin preparing for ISO 27001 certification, or need assistance with any other security framework.