
PageFreezer Is ISO 27001 Certified. Here’s Why It Matters

We announced a little while ago that PageFreezer has earned ISO 27001:2013 certification. Now, unless you’re a compliance or IT security professional, you are probably wondering why it matters. Does it have any actual impact on the service you’re receiving? And anyway, aren’t all the vendors in our industry certified as well? 


The truth is, they’re not. In fact, very few are. Some claim that they are compliant with ISO 27001 security practices, but merely being compliant is not the same thing as being certified through an independent, third-party audit by an accredited certification body. Earning ISO 27001 certification demanded a massive commitment from our company—the initial certification process took about a year and required us to examine the security implications of every process within PageFreezer. Everything from email and password security to hiring, employee onboarding, business continuity, supplier relationships, the physical security of the workplace, and employee devices had to be taken into consideration. The ISO 27001:2013 standard consists of 14 sections that deal with no fewer than 114 specific controls.

But why does ISO 27001 certification matter? Why did we spend a year getting certified? Let’s zoom out a little and look at what ISO 27001 is. 


What Is ISO 27001?

ISO 27001:2013 is an information security standard that is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies an information security management system (ISMS) that’s aimed at improving organizational security and integrating security into all aspects of managing a company. 

In order to earn ISO 27001:2013 certification, a company is asked to consider the information security risks that it faces—specifically those vulnerabilities and threats that can place data and information systems at risk. Once risks have been (thoroughly) analyzed, the company then needs to implement robust and all-embracing controls to mitigate these risks. And that’s not the end of it; there are annual independent maintenance and surveillance audits that look for evidence verifying all procedures of the security management system are actually implemented, reassessed, reviewed and improved over time. In other words, certification isn’t a box that you tick once and forget about—it’s a long-term, ongoing commitment to information security.


Protecting What Matters

The reason we did all this work is simple: we want to protect our customers. By attaining ISO 27001:2013 certification, we show that we’re doing everything we can to protect the confidentiality, integrity, and availability of information, systems, and services. The controls we’ve implemented during this process ensure that information assets are protected from unauthorized access, that accurate and complete information is delivered by systems that are reliable, and that information is available when authorized users need it. 

We monitor, capture, and archive data across websites, social media channels, enterprise collaboration platforms, and mobile text messages. So it goes without saying that a lot of the data we manage is of a sensitive nature. With breaches costing companies millions, even hundreds of millions of dollars, we see it as our duty to do everything we can to help keep data safe.


Certainty Is Power

Companies and government organizations depend on the records we create to prove compliance and ready themselves for litigation, so it’s crucial that the accuracy and authenticity of the data be beyond question. Through ISO 27001:2013 certification, we give customers the peace of mind that comes with knowing they’re relying on a secure archive. 

For more information about security at PageFreezer, please visit our Security Page. Below I’ve also put together some tips for any company preparing to embark on certification:

  • Create a dedicated team to manage information security requirements and oversee the implementation process;
  • Do your homework, consult with experts, and give yourself the time to develop a thorough implementation plan;
  • Realize that you’ll have to come up with your own continual improvement methodology; ISO 27001 gives guidance and recommends a process to develop an overall framework, but it doesn’t prescribe specific security practices;
  • You’ll need to consider carefully the security implications of the larger context of your organization, relevant laws and regulations, and individual customer requirements in order to conduct an ISO 27001 risk assessment and identify your company’s security baseline;
  • Take time to understand the scale and scope of the ISMS you’ll be implementing and how it will affect day-to-day operations;
  • Implementing ISO 27001 from scratch typically takes 9 to 12 months (with a dedicated employee managing the process). Keep this timeline and the necessary resources in mind when doing your planning;
  • Prepare to educate and train employees—and answer lots of questions.


Michael Riedijk
With more than 20 years of experience building successful technology companies in Europe and North America, Michael Riedijk is recognized as a leading innovator in compliance technologies. Originally from The Netherlands, Michael relocated to Canada and launched Pagefreezer in 2010.
