ISO 27001:2013 is one of the most recognized information security standards worldwide. By meeting the requirements of this certification, companies like Remind can continually evaluate and improve their strategy to safeguard user information.
The ISO 27001 standard addresses best practices across 14 security domains, including:
- Security Policies: Policies are documented, approved, and align with the organization’s mission to safeguard information.
- Organization of Information Security: There are adequate resources to implement and manage the information security program.
- Human Resource Security: Background checks are performed before an individual is hired, the staff is aware of their security responsibilities, and the organization ensures company-issued equipment is recovered when a staff member leaves their position.
- Asset Management: Information and equipment are handled and managed according to their sensitivity.
- Access Control: Staff is provided access to work areas and corporate systems using a documented request process based on their job responsibilities.
- Cryptography: The use of encryption is properly implemented and effective at protecting the confidentiality and integrity of information.
- Physical and Environmental Security: Measures are implemented to keep equipment protected in the data center, and corporate offices have secure areas for staff to work.
- Operations Security: Software is installed to protect against viruses and other forms of malware, logs contain a historical trail of activity in systems, and approved procedures are used to maintain and monitor the performance of key systems.
- Communications Security: Networks are properly configured to protect information being transmitted between systems.
- System Acquisition, Development, and Maintenance: Security requirements are defined for software development, IT projects, and applications.
- Supplier Relationships: Risk assessments are performed to evaluate the security practices for new vendors, agreements are carefully negotiated, and existing vendors are reviewed regularly.
- Information Security Incident Management: Roles and responsibilities are defined to report, detect, and respond to incidents.
- Information Security Aspects of Business Continuity Management: The organization has established, documented, and tested plans that support ongoing business operations.
- Compliance: Processes are developed to enable the organization to identify its compliance obligations related to applicable laws, regulations, intellectual property rights, personal data, and records protection.
Read more about Remind’s security practices here.