At Enpass, our mission is to secure the digital worlds of individuals, families and businesses. Putting customer privacy and security first, we never store user data on our servers – instead we give people the choice of where they store their passwords, logins and other information – locally on their devices, or in their trusted cloud.
Continuing our commitment to deliver the utmost security and to protect customer, partner and supplier data, we’re excited to announce that the Enpass Information Security Management System (ISMS) is now ISO/IEC 27001 certified.
The International Organization for Standardization (ISO) is an independent, international organization that develops a variety of standards to ensure the quality, safety and efficiency of products, services and systems.
What is ISO/IEC 27001?
The ISO 27001 standard is designed to help organizations implement an effective ISMS to assist them in managing the risk of cyber attacks and internal data security threats. As we’ve been growing as a company, our organization has become more complex, potentially exposing our infrastructure to more vulnerabilities that aren’t immediately obvious. That’s why we made the decision to go through ISO/IEC 27001 certification to ensure our ISMS is as secure as it can possibly be.
This particular ISO standard ensures the continual improvement, development and protection of information by implementing appropriate risk assessments, policies and controls. Being ISO 27001 certified means that our ISMS has been thoroughly audited by an independent third party. The audit ensures that we are conforming to the standards set by ISO and that our processes work effectively and efficiently.
What does it mean to be ISO/IEC 27001 certified?
Risk management is at the core of ISO 27001, so throughout the certification process we’ve identified all of the sensitive and valuable information we hold within our organization that needs to be protected, determined what risks that data could potentially be exposed to, and implemented appropriate controls and processes to mitigate any threats to data confidentiality, integrity or availability. The standard provides a framework for choosing appropriate controls and processes.
Throughout the 6-month process we’ve been required to:
- Identify stakeholders and their expectations of the ISMS
- Define the scope of our ISMS and a security policy
- Conduct a risk assessment to identify existing and potential data risks
- Define and implement controls and processes to manage those risks
… And we’ll be continuously measuring and improving the performance of our ISMS going forwards.
By meeting ISO 27001 requirements, we’re proactively reducing information security risks and improving our ability to comply with data protection mandates – these risks include both cyber criminals breaking into our organization and data breaches caused by employees making mistakes. This is just one more way of demonstrating our commitment to protecting the data of our customers, partners and suppliers.
At Enpass, we strongly believe that the ISO 27001 certification is beneficial internally as well as externally. The framework ensures that we have the tools in place to strengthen our organization across the three cyber security pillars of people, processes and technology. We see it as a way to continue to build trust with our users, partners and suppliers and give them greater peace of mind.