VeracityID's mission is to give our insurance carrier customers the ability to develop and deploy composable enterprise solutions in the cloud. In line with this goal, we aimed to get ISO 27001:2013 certification to further demonstrate our commitment to information security to our customers.
To achieve the certification, VeracityID's security compliance was validated by an independent audit firm, A-LIGN, after a rigorous process of demonstrating an ongoing and systematic approach to managing and protecting company and customer data securely.
Maintaining rigorous information security is one of VeracityID's core values. Led by our Chief Compliance Officer, Frank Hailstones, every functional team in the company participated in the process.
What is ISO 27001?
ISO 27001 is the most widely recognized and internationally accepted information security standard. It’s one of the few standards that uses a top-down, risk-based approach to evaluation. It identifies requirements and specifications for a comprehensive Information Security Management System (ISMS) defining how an organization should manage and treat information more securely, including applicable security controls.
What did we have to do to get the certification?
As a first step, we had to get commitment from our top management to ensure success. We then identified internal and external issues and stakeholders to ensure all expectations were considered for the scope of the ISMS. Following this, we established risk management and had to assess and treat risks. Based on the output, appropriate organizational policy and/or technical controls had to be set up. Finally, we performed an internal audit and carried out a management review. Once everything was in order, we had to find an appropriate certification body that fitted our business profile to carry out the audit.
What is the scope of our ISMS?
Our ISMS covers sales, development, maintenance and support of our end-to-end encrypted cloud services.
Why is it important for our customers?
This certification is additional proof of our commitment to information security. It plays a crucial role in assuring our customers that we take all necessary steps to keep their data in the cloud safe, secure, and accessible.
How will this impact our customers?
The services we provide to our customers will not be impacted. This certification is a security credential for your reference.