When you choose Stackfield, you always choose the best possible protection for your data. From the very beginning, we have been committed to information security and have made it our goal to establish Stackfield as the leading all-in-one tool for productive and, above all, secure collaboration. So it was natural for us to pursue certification, which reinforces our commitment to this goal and proves that information security is non-negotiable for us.
We are aware that business processes always involve working with often highly sensitive data and information. With ISO 27001 certification and the associated introduction of an information security management system (ISMS), we have taken a major step toward ensuring their security at all times.
In this article, you will learn what exactly ISO is, what ISO 27001 certification is all about, and what it means for us.
What is ISO?
The International Organization for Standardization, or ISO, is a worldwide non-governmental organization with the aim of developing and promoting international standards. These standards define quality and safety requirements for products, services, management systems and processes in order to improve cooperation in business, technology and science. Certification to ISO standards allows a company to demonstrate that a service, product or system meets the requirements of that standard. While ISO develops these standards, independent certification bodies verify compliance.
ISO 27001 certification and its benefits
ISO 27001 certification is about implementing an information security management system (ISMS) in the company so that information security is considered in all areas and processes. It provides companies with a framework for effectively protecting and managing their assets. ISO 27001 certification proves that a company has implemented all the necessary measures to protect its assets. This involves the following core objectives:
- Confidentiality: Only authorized persons may access information.
- Integrity: Information can be changed only by authorized persons.
- Availability: Required information must be accessible to authorized persons at all times.
In addition to reducing security risks, such as cyber attacks, data loss or misuse, and improving the protection of sensitive information, an ISMS brings many other benefits. ISO 27001 certification demonstrates the company's strong commitment to protecting sensitive information. Moreover, many companies now expect their suppliers to have an ISMS in place to meet regulatory and contractual requirements for business relationships, as this also makes it easier to meet their own obligations to produce evidence. The introduction of a certified information security management system thus creates additional trust and shows that the supplier takes its responsibility for protecting information seriously.
Our path to certification
Over two years ago, we decided to tackle the ISO 27001 certification project and have been in an ongoing process ever since. The first step was to gather all assets and values – including the Stackfield brand and all processes and areas – and take a close look at them. Possible risks that have an impact on availability, integrity and confidentiality were thus identified and, in the next step, reduced through targeted measures if necessary. We have implemented all of these measures derived from Annex A of ISO 27001 without exception.
After the intensive two-year preparation, we underwent and successfully completed the multi-day audit by TÜV SÜD in December 2022. In the process, we were able to prove that we have implemented an ISMS in accordance with ISO 27001 and that we meet all the associated requirements. This means that Stackfield is now officially one of the approximately 1,600 certified companies (of currently approx. 3.4 million companies) in Germany. This certification proves that we have implemented appropriate solutions for potential security risks and threats in the form of technical and organizational measures.
Further certifications in the future
Our top priority is that our customers and business partners can rely on us when it comes to information security and data protection. That is why we have more certifications planned for the future, such as BSI C5, ISO/IEC 27017:2015 (information security for cloud services) and ISO 27018:2019 (protection of personal data in cloud services). The procedures for obtaining the two ISO certifications are already underway and are expected to be finalized in the second quarter of this year.