Why we pursued ISO 27001 certification
What is ISO?
ISO 27001 is a certification issued by the International Organisation for Standardisation (ISO). It contains a set of high-level technological and human standards for handling information securely.
The three key principles of the ISO 27001 certification are:
- Confidentiality - information is classified and only disclosed to authorised stakeholders
- Integrity - information is accurate
- Availability - information is accessible when required
Together, these principles ensure that all customer information that GovConnex holds is secured to a high international standard.
Why is it important?
You are only as secure as your weakest link. The certification not only keeps our development team accountable, it also ensures that we have the tools and processes across the entire organisation to continue to take action and improve our security posture.
Trust is critical, and while our data security procedures were already at the highest standard, it was important to get our processes certified by an independent third party, particularly while the company scales.
Certifications like ISO 27001 are essential when providing company data to third parties. With this certification, a range of businesses that have desired a GovConnex subscription but have been held back by internal compliance policies can now sign up to the platform.
What it means for our customers
ISO 27001 verifies the trust our customers already have in GovConnex. However, it will also allow certain customers to upgrade their subscriptions to include our GRM (Government Relations Manager).
Some of the steps we took
ISO 27001 applies a strong security lifecycle across all technology assets. Importantly, it also verifies that physical and human assets are equally secure. To achieve this, the entire team at GovConnex undertook extensive security training. Security controls were put in place across both IT infrastructure and employee devices to ensure they met the compliance standard.
The entire IT infrastructure was reviewed by a third party to ensure best practice was a reality across the entire stack, along with a suite of policies and processes which will be used across the company to enforce strong security practice.
Our security team will continue to periodically audit our compliance. Importantly, ISO 27001 is renewed annually. As such, customers can be certain that GovConnex will continually be compliant with these high global standards.
Paul Vavich is the Chief Technology Officer at GovConnex.