We are happy to announce that after a 12-month process where our engineering, security and product teams have worked tirelessly to meet the necessary requirements, Didomi has obtained the internationally recognized ISO 27001 certification.

In this article, we will go over what the certification is about, what the process to get certified was, and what it means for our customers and prospective clients.

What is the ISO 27001 certification?

The ISO 27001 standard is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its objective is to help businesses organize their people, processes, and technology in order to best ensure the confidentiality, availability, and integrity of information.

In essence, ISO 27001 focuses on a business's Information Security Management System (ISMS), outlining how information security has been integrated into its business processes. The primary goal is to demonstrate to customers that security is a top priority for the company.

In terms of ensuring the security of information and data, ISO 27001 is considered the global gold standard. Organizations awarded an ISO 27001 certification have demonstrated best-in-class security practices to potential clients across the globe.

How Didomi obtained the ISO 27001 certification

The process for a company to become ISO 27001 certified is complex and involves several steps:

  • Implementing an Information Security Management System (ISMS)
  • Establishing ISMS governance within the company
  • Performing an internal audit to evaluate the ISMS
  • Undergoing an external ISO 27001 audit by an accredited third party

The ISO 27001 certification required the team at Didomi to complete a number of tasks prior to beginning the actual certification process, including getting management approval and support, and adopting an Information Security Management System (ISMS).

The ISMS is the foundation of ISO 27001: it provides the policies, procedures, standards, and best practices that Didomi must follow to further enhance its business practices. Once the ISMS was adopted, it had to be implemented across the appropriate processes and technologies.

The implementation of the ISMS is the largest and most difficult part of the ISO 27001 process. In some cases, the organization is required to adopt new behaviors, business practices, or technologies to meet the requirements set out in the ISMS.

Once Didomi had completed the ISMS implementation, an internal audit had to be performed. This audit reviews the ISMS and how well it is implemented, followed, and documented. If the internal audit finds deficiencies, the organization must correct course to maintain compliance.

Once Didomi had completed all these steps, we worked directly with an accredited organization to undergo the ISO 27001 audit. This is a multi-day audit that reviews all aspects of the ISMS, its implementation, and the controls described within it. Through the audit, each aspect of the ISO 27001 standard is reviewed and verified by the certifying organization.

The ISO 27001 certification is valid for three years, but surveillance audits must be performed every year to verify that the ISMS continues to operate effectively. 

What does it mean for our customers?

Quote from Jawad Stouli, CTO at Didomi: “We are proud to have achieved one of the most demanding security certifications in the industry. Being ISO27001-certified demonstrates how important security is at Didomi and the maturity of our products and processes.”

The ISO 27001 certification is a major milestone for Didomi, the team, and of course our customers.

Namely, it provides our clients with the reassurance that their data is managed in compliance with the highest security standards. Additionally, it dramatically improves the level of protection their data benefits from and greatly strengthens defenses against potential data breaches. It also brings:

  • Safeguarding Didomi's business continuity, disaster recovery, and incident response processes
  • Continuously validating information security practices
  • Streamlining the client onboarding experience with a standardized information security questionnaire

Didomi is ISO 27001 certified by Consilium Labs, an auditor certified by ANAB (ANSI National Accreditation Board, the largest certification body in the western hemisphere).

Your Didomi representative can provide you with our certification on request. To learn how the ISO 27001 certification can impact your experience as a customer and learn more about Didomi’s offering, head to our dedicated Security page:

Learn more about ISO 27001