As a SaaS provider, Humanitec considers information security a top priority. We constantly strive to protect data while adhering to the industry’s best security practices. As part of our continued efforts, we’re excited to announce that we’ve received the ISO 27001 certification.
To request the full report please contact security@humanitec.com.
What is ISO/IEC 27001? And why does it matter?
ISO/IEC 27001 is a globally renowned information security standard jointly issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). To achieve certification, we were audited by Vanta to evaluate our operational controls—particularly our cybersecurity practices. ISO/IEC 27001 provides guidelines for information security management systems (ISMS). It is intended to help keep business and customer data secure from internal and external threats through an extensive list of required ISMS controls.
For organizations considering becoming certified, ISO 27001 helps boost customer confidence, demonstrates credibility, and enhances brand reputation with the assurance that information is in safe hands. It also shows that you are doing your due diligence to protect your customers' business.
Required ISMS controls
ISO/IEC 27001 is an in-depth standard of security controls divided into 14 categories:
- Information Security Policies
- Organization Of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical And Environmental Security
- Operations Security
- Communications Security
- System Acquisition And Maintenance
- Supplier Relations
- Security Incident Management
- Business Continuity Management
- Compliance
Three key cornerstones of ISO/IEC 27001
The ISO/IEC 27001 standard aims to secure people, processes, and technology via three main cornerstones commonly referred to as the C-I-A triad:
1. Confidentiality
Data and systems must be protected against unauthorized access by people, processes, or applications. This requires technical controls such as data encryption, multifactor authentication, and security tokens.
2. Integrity
This requires verifying the accuracy, trustworthiness, and completeness of data. Processes must be in place to ensure data is free from error and manipulation.
3. Availability
This refers to the maintenance and monitoring of the ISMS and includes removing bottlenecks in security processes, minimizing vulnerabilities by keeping software and hardware updated, strengthening business continuity by adding redundancy, and minimizing data loss with backup and disaster recovery.
Being ISO/IEC 27001 certified demonstrates that Humanitec takes information security extremely seriously and has a structured approach to planning, implementing, and maintaining an ISMS. The certification is also proof that we are up to the task. When our customers' security teams dig into our service design beyond our own claims, it provides assurance and makes crystal clear that we’ve made an ongoing commitment to securing our operational practices.