We are very proud to announce that CloudWay has recently become ISO 27001 certified, the international standard for Information Security Management Systems (ISMS). CloudWay was the first company that DNV certified that does not have company offices. We have only home offices, which means our security boundary is heavily focused on zero trust, protecting the identities, devices and data.
What is ISO 27001?
ISO/IEC 27001:2013 Information Security Management is an international standard for information security. ISO 27001 provides guidance for creating an information security management system (ISMS) that encompasses people, processes, and technology. Read more here.
Why get certified
CloudWay works with Microsoft 365 with and for our customers. Many of the projects we run today are heavily focused on management, security and compliance. Since we work with risk-averse companies, they need to know that they can trust CloudWay as a company and how we manage our internal IT. The ISO certification speeds up our process for proving that we can earn that trust as we conform to a globally recognized certification.
The confidence we now have in our own internal routines and the time saved documenting our processes for our customers and partners are priceless. – Ståle Hansen, CEO
How we can help you on your road to the ISO certification
Our Principal Cloud Architect Compliance, MVP Nikki Chapple, led our ISO certification process. She has more than 20 years of experience with conforming to international standards such as the ISO certification. In addition, she has broad knowledge of compliance and security thinking and deep hands-on knowledge of what this looks like in Microsoft 365. CloudWay can help you get started on your journey towards your ISO certification by advising on a good approach and starting to tune your Microsoft 365 environment. Read about how Microsoft Purview has pre-built assessment templates for ISO 27001 on Nikki’s blog.
Here is how we ran the process
The ISO 27001 certification journey is a multi-step process requiring commitment from the senior leadership of your organization to ensure successful implementation. CloudWay’s expertise in compliance allowed us to take a self-led approach to the ISO 27001 certification, with audits and reviews actioned by the external certification body.
ISO 27001 is not a one-off certification; it is about continuous improvement. The figure below shows the internal actions required for CloudWay to become and remain ISO 27001 compliant and the external actions managed by the external certification body.
Rather than building an ISMS from scratch, CloudWay selected an online compliance software tool called Conformio. The tool was easy to use: it walked us through the implementation with step-by-step instructions and prompts. The software helped us create the documents quickly with minimum effort. With Conformio, we were able to accomplish the certification in a fraction of the time that it would have taken us on our own.
In addition, Conformio will help us maintain our continued compliance with the standard by providing the tools to monitor, measure and review our compliance risk posture. The tool has guidance to help us transition to the new ISO 27001:2022 version over the next three years.
CloudWay’s journey to ISO 27001 certification allowed us to take a holistic view of information security, developing risk-based security controls focusing on people, processes, and technology. A top-down approach was crucial to embedding continuous improvement into our culture. – Nikki Chapple, Principal Cloud Architect Compliance
CloudWay and ISO 27001
Use our contact form if you want to pick our brains for your ISO 27001 certification journey and learn how we can help jumpstart your process. You can find our official credentials on the DNV website, just search for CloudWay and answer the captcha challenge. https://certificatechecker.dnv.com/