
PageFreezer Is ISO 27001 Certified. Here’s Why It Matters

We announced a little while ago that PageFreezer has earned ISO 27001:2013 certification. Now, unless you’re a compliance or IT security professional, you are probably wondering why it matters. Does it have any actual impact on the service you’re receiving? And anyway, aren’t all the vendors in our industry certified as well? 

The truth is, they’re not. In fact, very few are. Some claim that they are compliant with ISO 27001 security practices, but merely being compliant is not the same thing as being certified by an independent, third-party audit (certification body). Earning ISO 27001 certification demanded a massive commitment from our company—the initial certification process took about a year and demanded that we look at all the security implications of every process within PageFreezer. Everything from email and password security to hiring, employee onboarding, business continuity, supplier relationships, the physical security of the workplace, and employee devices had to be taken into consideration. The ISO 27001:2013 standard consists of 14 sections that deal with no less than 114 specific controls.

But why does ISO 27001 certification matter? Why did we spend a year getting certified? Let’s zoom out a little and look at what ISO 27001 is. 

What Is ISO 27001?

ISO 27001:2013 is an information security standard that is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies an information security management system (ISMS) that’s aimed at improving organizational security and integrating security into all aspects of managing a company. 

In order to earn ISO 27001:2013 certification, a company is asked to consider the information security risks that it faces—specifically those vulnerabilities and threats that can place data and information systems at risk. Once risks have been (thoroughly) analyzed, the company then needs to implement robust and all-embracing controls to mitigate these risks. And that’s not the end of it; there are annual independent maintenance and surveillance audits that look for evidence verifying all procedures of the security management system are actually implemented, reassessed, reviewed and improved over time. In other words, certification isn’t a box that you tick once and forget about—it’s a long-term, ongoing commitment to information security.

Protecting What Matters

The reason we did all this work is simple: we want to protect our customers. By attaining ISO 27001:2013 certification, we show that we’re doing everything we can to protect the confidentiality, integrity, and availability of information, systems, and services. The controls we’ve implemented during this process ensure that information assets are protected from unauthorized access, that accurate and complete information is delivered by systems that are reliable, and that information is available when authorized users need it. 

We monitor, capture, and archive data across websites, social media channels, enterprise collaboration platforms, and mobile text messages. So it goes without saying that a lot of the data we manage is of a sensitive nature. With breaches costing companies millions, even hundreds of millions of dollars, we see it as our duty to do everything we can to help keep data safe.

Certainty Is Power

Companies and government organizations depend on the records we create to prove compliance and ready themselves for litigation, so it’s crucial that the accuracy and authenticity of the data be beyond question. Through ISO 27001:2013 certification, we give customers the peace of mind that comes with knowing they’re relying on a secure archive. 

For more information about security at PageFreezer, please visit our Security Page. Below I’ve also put together some tips for any company preparing to embark on certification:

  • Create a dedicated team to manage information security requirements and oversee the implementation process;
  • Do your homework, consult with experts, and give yourself the time to develop a thorough implementation plan;
  • Realize that you’ll have to come up with your own continual improvement methodology; ISO 27001 gives guidance and recommends a process to develop an overall framework, but it doesn’t prescribe specific security practices;
  • You’ll need to really consider the security implications of things like the larger context of your organization, relevant laws and regulations, and individual customer requirements in order to conduct an ISO 27001 risk assessment and identify your company’s security baseline;
  • Take time to understand the scale and scope of the ISMS you’ll be implementing and how it will affect day-to-day operations;
  • Implementing ISO 27001 from scratch typically takes 9 - 12 months (with a dedicated employee managing the process). Keep this timeline and the necessary resources in mind when doing your planning;
  • Prepare to educate and train employees—and answer lots of questions.

Want to experience PageFreezer’s enterprise-level security features for yourself? Request a demo by clicking the button below. 

Michael Riedijk
With more than 20 years of experience building successful technology companies in Europe and North America, Michael Riedijk is recognized as a leading innovator in compliance technologies. Originally from The Netherlands, Michael relocated to Canada and launched Pagefreezer in 2010.
