We're Now ISO 27001-Certified
Earning and maintaining our customers' trust is – and always has been – a huge deal at Frontify. We’re proud to announce that we’ve completed our ISO certification and stand by our promise to deliver the highest quality of security for you and your business.
Since day one, IT and information security have been included in every aspect of our system development, our internal operations, and how data is handled.
In the early days, we asked ourselves which standard should be the reference for our information security management system (ISMS). After much research, including suggestions from our customers, we decided to aim for the ISO/IEC 27001:2013 standard.
Frontify's success and growth naturally bring more security risks, which motivates us to grow and become even better. At the beginning of 2020, we decided it was time to become ISO/IEC 27001:2013 certified.
The ISO/IEC 27001:2013 standard has the overarching goal of protecting the confidentiality, integrity, and availability of the information of a company and its customers. Protection is ensured with 114 controls that must be fulfilled across 14 sections.
Once an ISO/IEC 27001:2013 certificate is issued to a company, it’s valid for a period of three years. During this time, the certification body will perform surveillance audits to evaluate if the organization is maintaining the ISMS properly and if required improvements are being implemented in due time.
Before we began the certification process, we first wanted to get an external view. We hired a consulting company to do a gap analysis. After that, we got to work: revising risk management; revising existing policies and workflows; creating missing policies and workflows; reviewing technical measures and revising them as needed; talking to various stakeholders; training employees and getting them on board; and of course, lots of meetings to sync with everyone.
By the end of 2020, we were ready for the audit. COVID-19 delayed things a bit. Due to home office obligations in Switzerland, we conducted a delayed Stage 1 audit in March and the Stage 2 audit in April 2021. But we're excited to announce that all the careful planning, hard work, and patience have paid off.
In June, we received the information from the auditors that Frontify successfully passed the ISO/IEC 27001:2013 certification process and is now officially ISO/IEC 27001:2013 certified. We’re very happy to present the certificate below.
Just as brands evolve, information security must also be in a constant state of evolution and improvement. To say the least, this milestone is not the end but the beginning.