We are proud to report that Inviso has successfully achieved ISO/IEC 27001:2013 (AKA ISO 27001) certification. We’ve had our sights on this goal for several years now, and it’s very rewarding to be able to now say that we’ve been officially recognized for our commitment to data protection and risk mitigation.
ISO 27001 is a widely recognized and internationally accepted information security standard. According to ISO, it “specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.”
The timing couldn’t be better. Data is the lifeblood of organizations today. It is for us, and it is for our customers. At the same time, cyberattacks are an inescapable reality. The attacks are relentless: phishing alone rose 61% in 2022. It’s not just attacks that are going up; the related costs are rising too. This year, the average cost of a data breach increased 12.7%, from $3.86 million in 2020 to $4.35 million in 2022.
By successfully passing an external ISO 27001 audit conducted by Consilium Labs, we have demonstrated our ability to secure and protect sensitive data of all types through methodical adherence to well-established controls in our Information Security Management System (ISMS). The ramifications for our business are substantial. We have:
- Received a seal of approval from an independent third party and established a foundation for future periodic audits, which increases confidence so our customers and partners can feel comfortable sharing their valuable data with Inviso.
- Shown our ability to meet contractual obligations to our employees and our clients by safeguarding confidential information.
- Increased our own organizational security by identifying and remediating security gaps, protecting data, and building in greater resiliency.
- Internalized the precepts of data protection across the organization, down to the employee level. It’s a point of pride for us that KnowBe4 security awareness training has raised employee sensitivity to the point where we are now tracking months of zero successful (simulated) phishing attempts.
- Proven our credentials as Microsoft technology professionals with implementation of a wide range of Microsoft Security technologies, from Azure Active Directory to Microsoft Defender. (Stay tuned for a future blog where we’ll dive deeper into the role each plays.)
Our approach throughout this process has been to focus on normalizing data protection and management through careful attention to planning, controls, governance, and testing. We are always looking at ways to get better. This is not a once-and-done effort; it’s a journey of constant improvement.
“Attaining the ISO 27001 certification is a meaningful milestone for Inviso. However, the real accomplishment is having the right mix of policy, process and technology to ensure our data, and that of our clients, remains safeguarded. This certification is an acknowledgment of our hard work, and I am proud to say that our audit had zero findings, nearly unheard of for an initial audit. Achieving this goal strengthens our ability to stay one step ahead of future internal and external threats as they arise.”
— Ken Lippe, COO, Inviso
If your organization wants to enhance its security posture, step one is simply deciding to make it a priority. It’s never too late to begin. And with all the powerful technologies and learnings that are now available, there’s never been a better time to get started. We’re happy to talk if you’d like to learn more about the measures we’ve implemented and our recommendations for actions you can take within your own organization, so feel free to reach out at email@example.com.