Resources

ISO 27001 Certification

Aptible has achieved ISO 27001 certification. Learn what this means and how software development teams can get certified.

ISO 27001 is a security management standard that specifies the requirements and best practices for how an organization should run its information security management system (ISMS). Aptible has achieved ISO 27001 certification, which means that we have established the security controls and practices necessary to keep customer data safe.

Download the Aptible ISO 27001 Certificate here.

ISO 27001 Requirements

The heart of ISO 27001 is establishing holistic practices for securely managing data across an organization. The organization is responsible for creating a centralized information security governance structure that:

  • Determines what should be included within the ISMS and subject to specific rules and requirements
  • Defines roles and responsibilities for maintaining the ISMS
  • Plans security initiatives
  • Undertakes risk management
  • Monitors overall security
  • Improves the security management system

ISO 27001 for Software Development Teams

Software development teams that want to achieve ISO 27001 certification generally must:

  • Proactively manage risk, instead of just reacting to bad things as they happen
  • Plan ahead for security and set appropriate security improvement goals
  • Write down the rules for how security is supposed to work (aka “policies and procedures”)
  • Train workforce members on those rules, with advanced training for those with more security responsibilities
  • Train for and respond to security and availability incidents, including breaches

Please get in touch if you want to begin preparing for ISO 27001 certification, or need assistance with any other security framework.

More ISO 27001 Certification Resources

Defense in Brief

Sign up to get the best in security and compliance delivered monthly.

From the Blog

Webinar Recap: GDPR - Practical Advice for SaaS Companies

Henry Hund on May 21, 2018

During this webinar we covered the practical, actionable steps to take to actually become GDPR compliant. Get the recap, recording, and slides.

Read more

Aptible Enclave and Gridiron are HITRUST CSF Certified

Chas Ballew on March 13, 2018

Aptible has achieved HITRUST CSF Certification for Enclave and Gridiron. This post shares a bit more about what this means and how you can think about your own path to certification.

Read more

Aptible SOC 2 Type 2 Report Now Available

Chas Ballew on March 5, 2018

Aptible has achieved SOC 2 Type 2 compliance for the security and availability Trust Service Principles. This post shares a bit more about what this means and why this type of compliance is so valuable to B2B SaaS companies in specific. We’ll also share how you can start building a security program that meets SOC 2 requirements and is audit-ready.

Read more