Notice something a little different about us? No, it’s not a new haircut. At the bottom of our website, you might see that we have a new security certificate to show off.
Earlier this month, we were thrilled to receive ISO 27001 compliance, the information-security certificate from the International Organization for Standardization.
Investing the time and resources required to get the ISO certificate further proves our commitment to data privacy and security. And it reminds potential and future customers alike that we are a smart choice for their data.
We decided to pursue ISO certification after we successfully completed our SOC 2 compliance audit this spring. We wanted to show off the sophistication of our security protocols, and build trust with potential customers.
Because we had already devised such sophisticated policies to receive our SOC II certificate, coming into compliance within ISO 27001 took us less than a month.
What does ISO 27001 actually mean?
The ISO 27001 certification is one of the best known standards for information security across the world. Many enterprise companies require it.
The ISO 27001 vets your people, policies, and technologies. To receive it, we needed to showcase our state-of-the-art risk management systems. We were assessed on our level of risk, our regulatory compliance, our redundancy plan, our disaster recovery plan, our business continuity plan, and more.
Disaster and continuity planning. ISO asks companies to answer questions about how smoothly they would react if a critical failure occurred in some level of their business. For instance, if a business’s cloud provider goes down, ISO asks: What would they do next? If there’s a critical failure with a cloud server along the west coast of the U.S., what would you do to ensure your customers are not negatively impacted?
These aren’t easy issues to resolve, but at Intentwise, we have crafted sophisticated plans to anticipate and manage these kinds of crises. For instance, we proved to the ISO that we have excellent business continuity practices. We can swiftly shift our system from one coast to another, and get it back up and running within 24 hours.
Internal employee security. Another element of the ISO certification is proving the security of information within our own company. At Intentwise, we have strict checks and balances concerning which of our employees can access sensitive customer information.
Similarly, we proved that we have a robust process for leadership continuity. If for some reason senior leadership is absent, we have appropriately qualified employees who can step forward and manage a crisis.
Not one and done: Our commitment to constant improvement
One of the biggest features of ISO certification, which Intentwise has also valued for years, is continuous self-improvement.
Getting a certificate at one moment in time is great, but what really matters is that you keep updating and improving your systems.
Whether an auditor is looking or not, we are always hard at work stress-testing our security protocols and iterating on new changes. Within Intentwise, we have a dedicated Privacy Manager on staff, as well as a patchwork of employees who have taken on roles as risk managers.
These staff members meet regularly to analyze the state of our protocols, update each other on any changes or alerts related to privacy and security, and brainstorm new paths forward. We have a monthly, all-hands-on-deck privacy and security review. Our team is also rolling out improvements on a daily or weekly cadence.
We are proud of our ISO and SOC 2 certificates, because it validates what we know, internally, to be true: When you work with Intentwise, you can be sure you are getting state-of-the-art security and privacy treatment for your data.
