news
August 1, 2022

Why we pursued ISO 27001 certification

The steps we took to achieve ISO 27001 certification and why it matters for our customers.
Contents
What you need to know
The Announcements
Summary
Research, Tracking, Engaging Made Smarter
Easy to use tools to uncover risk, track issues and report your engagement
Thanks for getting in touch. Redirecting you now...
Oops! Something went wrong while submitting the form.

What is ISO?

ISO 27001 is a certification issued by the International Organisation for Standardisation (ISO). It contains a set of high level technological and human standards for handling information securely.

The three key principles of the ISO 27001 certification are:

  • Confidentiality - information is classified and only disclosed to authorised stakeholders
  • Integrity - information is accurate
  • Availability - information is accessible when required

Together, these principles ensure that all customer information that GovConnex holds is secured to a high international standard.

Why is it important?

You are only as secure as your weakest link. The certification not only keeps our development team accountable, but it ensures that our organisation has the tools and processes across the entire organisation to continue to take action and improve our security posture.

Trust is critical, and while our data security procedures were already at the highest standard, it was important to get our processes certified by an independent third party; Particularly while the company scales.

Certifications like the ISO 27001 are essential when providing company data to third parties. By pursuing this certification a range of businesses that have desired a GovConnex subscription but have been held back by internal compliance policies can now sign up to the platform.

What it means for our customers

ISO 27001 verifies the trust our customers already have in GovConnex. However, it will also allow certain customers to upgrade their subscriptions to include our GRM (Government Relations Manager).

Some of the steps we took

ISO 27001 applies a strong security lifecycle across all technology assets. However, importantly it also verifies that physical and human assets are equally as secure. To achieve this, the entire team at GovConnex undertook extensive security training.  Security controls were put in place across both IT infrastructure and employee devices to ensure they met the compliance standard. 

The entire IT infrastructure was reviewed by a third party to ensure best practice was a reality across the entire stack. Along with a suite of policies and processes which will be used across the company to enforce strong security practice.

Our security team will continue to periodically audit our compliance. Importantly, ISO 27001 is renewed annually. As such, customers can be certain that GovConnex will continually be compliant to these high global standards.

Paul Vavich is the Chief Technology Officer at GovConnex.

Our website stores cookies on your device and discloses information in accordance with our Cookie Policy. Choose “Customise Settings” to control cookies. We may collect certain aggregate and anonymised data from your browser independent of your cookie preferences. Cookie Policy