Everything To Know About Our ISO 27001 Certification

Shir Wegman

Director of Product

Summary: ISO 27001 assures our clients that we meet the highest standard of security.

As providers of information security technology and expertise, it’s important that Scytale walks the walk. After all, we’re a SaaS company that’s uncompromising about information security, just like many of our clients. 

Becoming ISO 27001 certified is an effective way to assure our clients that our own systems meet the highest standard of security. Let’s be real – would you really choose to rely on data security software from a company that neglected its own data security? 

But it’s more than that. Becoming ISO 27001 compliant was an excellent way for us to rigorously examine our own processes, test our best practices, and become more flexible and resilient. In that sense, the compliance process quite literally is a journey of discovery.

That’s because implementing an exacting standard like ISO 27001 is about testing and learning. Identifying potential weak points and taking action. It’s about being proactive and anticipating problems before they occur.

As our clients who choose to implement ISO 27001 or SOC 2 Type II understand, these aren’t static one-off events. The process of discovery also equips you to maintain a consistent, high standard of service and security. 

To appreciate why, let’s take a closer look at how ISO 27001 functions.

What is ISO 27001 compliance and why does it matter?

ISO 27001 is an independent standard for managing information security that is respected around the world. As ISO 27001 certification is conducted by an independent auditor, it’s an effective way for any SaaS business to demonstrate to potential partners and clients just how seriously it takes data security. 

But why is ISO 27001 considered such an important benchmark? It’s not just that it defines effective controls. It’s that it enables you to implement your controls systematically. That way, you can be sure there are no gaps in your security protocol, and all relevant team members are working effectively to realize the company’s InfoSec goals. 

More specifically, ISO 27001 is a highly effective framework for a company’s information security controls. Rather than applying security controls in an ad hoc or reactive manner, the standard sets out a systematic, rigorous and comprehensive way of managing them.

The framework takes the form of an information security management system (ISMS). By implementing an ISMS, your business adopts a comprehensive, integrated security framework. 

That may sound fairly abstract. But the ISMS is focused on three fundamental goals: Confidentiality, Integrity and Availability. 

For any company that manages cloud-based user data, the value of meeting these goals is clear. Users are assured that their data cannot be altered by unauthorized users, that their information cannot be accessed without authorization and that the service is available when required.

What this means for Scytale

Meeting the exacting ISO 27001 requirements takes a commitment of time and resources. Fortunately for us, it was also an opportunity to test one of our core principles: technology makes compliance more effective and easier to achieve. 

After all, Scytale offers a compliance tool. By becoming ISO 27001 compliant we demonstrate to our clients just how much we value compliance, and that our own systems are safe, secure and reliable.

In fact, our number one priority is earning our customers’ trust. Our customers need to be assured that they can rely on our systems and that their data is secure. ISO 27001 certification ensures we meet our customers’ highest standards and enables us to demonstrate the steps we’ve taken to secure their data. 

Compliance technology in action 

But at the same time, we confirmed the value of compliance technology. Our compliance process was much faster, simpler and easier because we deployed automation wherever possible.

That isn’t just quicker; it’s also more reliable, as human error is minimized. 

This is not to say we chose automation at the cost of human engagement. Our philosophy has never been either/or; not in the service we provide to our clients and not in terms of our own business ethos. Rather it’s both/and. After all, good compliance technology doesn’t replace human insight. It supports it.

We deployed digital tools to empower our team, enhance workflow and ensure everyone is fully invested in our compliance process, with crystal clear channels of communication.

Investing in our people and processes

Implementing ISO 27001 was a great opportunity to bulletproof our processes and test our systems. Because it meant investing in our people and systems, it’s also an opportunity for Scytale to accelerate our own growth.

After all, it’s important for us to build a strong and secure foundation on which to offer real value to our customers, now and in the future.

As compliance specialists, we appreciate just how important compliance is to our customers and to their customers in turn. Becoming ISO 27001 certified marks an important milestone in our ability to offer SaaS companies the exacting standards their customers demand of them.