In 2022, CloudWay was certified to the ISO 27001 standard. This is the international standard for Information Security Management Systems (ISMS), and we see that our customers and partners appreciate the trust this certification provides. Some customers even require the certification. The certification is a three-year journey with periodic audits in years one and two. Year three is a full re-certification.
For each of the periodic audits, a specific focus area is chosen. This year, DNV chose effective monitoring of the security performance of cloud service providers. This meant a deep-dive audit of all our documentation, log routines, review routines and incident handling routines. For CloudWay, the cloud service provider is primarily Microsoft 365, but we use other cloud services as well, such as Tripletex and DocuSign.
Part of the audit was how we ensure that the cloud providers adhere to the ISO standard and meet our requirements for safe handling of data and assets. During the audit, it became clear that we went above and beyond good practice in documenting, validating and building routines around our cloud providers, which gave us a top score, 5 of 5. The DNV auditor mentioned that a top score is not handed out lightly. Here are some of the positive indicators we got:
- Established good practice on identifying requirements to information security for suppliers as well as evaluation of the deliveries; and this is well documented
- Various reports from vulnerability testing, penetration testing, security assessment and compliance also actively used as part of performance evaluation of the key supplier
- High level of information security awareness in the organization
- Using SWOT and PESTLE methods for context analysis
- Different sources used to monitor and to conclude on input for new as well as changes in existing applicable laws and regulations
- PIM Audit dashboard actively in use on access control; and also plans in place to further develop the dashboard
This is no simple feat, and MVP and Principal Cloud Architect Nikki Chapple made the process a walk in the park for CloudWay. By combining the insights of MVP and Principal Cloud Architect Jan Ketil, the collective knowledge at CloudWay, and Nikki’s structured approach and deep set of skills in the compliance and governance space, we managed to reach the top score.
We are very proud of this achievement. If you would like to set up a call with CloudWay to look into how you can get started on your ISO 27001 journey or improve your information security posture, feel free to contact us through this form.