We are here to help you plan, prepare, respond, and report on anything that comes your way. Let us show you how!
Oct 21, 2021Back to Veoci Blog
Protecting customer data and maintaining best-in-class information security has always been Veoci’s top priority. Back in 2011, the team based daily operations and emergency protocols on global standards for awareness training and technical control. They wrote and then adhered to extensive security management policies to earn and sustain trust from employees and partners.
At the end of July, Veoci completed ISO/IEC 27001:2013 certification, gaining prestigious recognition as a company that follows the international standards for information security management systems.
With origins in 1946, the International Organization for Standardization (ISO) is an independent, non-governmental organization. Renowned experts come together through ISO to develop and define industry standards for the quality, safety, and efficiency of products and services. Neither ISO nor a company itself can endorse certification; rather, a third party must evaluate a company’s processes before giving a written assurance of compliance.
ISO/IEC 27001:2013 certification is for information security management systems (ISMS) that conform to specific requirements. These include whether the ISMS was established and implemented with strong security mechanisms in place, is maintained based on rigorous risk-management measures, and is continually improved upon as technology and the organization itself evolve. ISO certification covers information security risk assessment and treatment; companies must have resilient practices that control access to information and prevent unauthorized use, modification, or destruction of data. Rather than one and done, certifications are regularly reevaluated via management reviews to assure the ISMS remains effective and agile in achieving both the company’s and customers’ aims.
The Veoci platform was an invaluable asset for certification. Specifically, tools such as dashboards, forms, rooms, and workflows made the audit preparation clear and efficient. Through documented business continuity and disaster response plans, up-to-date records management, and automated reminders, the system could readily indicate to which controls and standards it adheres.
To get certified, Veoci had to demonstrate creation of an ISMS and proficiency in all aspects of information security management. Since Veoci had followed ISO requirements since inception, the team was well prepared for third-party certification. They first performed a risk assessment, implemented controls to treat those risks, chronicled policies and procedures, and undertook an internal audit. These steps helped team members understand any lingering gaps and identify the best ways in which to measure, monitor, and review the ISMS. For example, creating a dashboard proved how Veoci followed ISO requirements; dashboard tiles pulled in data saved for each department in rooms, and calendars tracked relevant progress on assigned tasks.
Veoci’s digital tools and controls made the accreditation process and achievement all the more satisfying. The team relies on zero paper or paper trails; from onboarding to ticketing, everything is digitized for easy review and complete control. These mechanisms caught discrepancies and cleared issues before they escalated, and the team was pleased to eventually learn from the auditors that Veoci had zero nonconformities.
While ISO requirements land on the technical side of operations, they promote innovation and ingenuity among ISMS companies without compromising data safety. Through this certification, Veoci makes a promise to customers that the system increases efficiency, reduces costs, and improves user satisfaction and engagement, all while monitoring and minimizing security risks. The cloud-based platform runs on multiple availability zones hosted by Amazon Web Services (AWS), which too is distinguished by ISO 27001 certification and adds an additional level of security.
In action, security levels have been incorporated into the bones of every Veoci solution. There are numerous possibilities for setting authorization and permissions coupled with strong access controls. Within the same system and mere minutes, a Veoci user can send a confidential file with the knowledge that the appropriate person will receive it; set up a virtual collaboration space and invite specific team members to join; and post a message for the entire workforce to read in celebration of a recent accomplishment.
Veoci’s team is proud of the certification and excited by the opportunity of customers utilizing the platform for their own ISO audit and certification. The system secures information and maintains clear records to support the process and evergreen compliance. With this experience and achievement in hand, Solutions Engineers can replicate the steps while adapting it to meet customers’ specific needs.
Overall, the accreditation affirms Veoci’s role as a leading ISMS on the international stage—our partners can be confident in Veoci’s credibility and expertise when working together to achieve a secure software solution.
Receive all the latest emergency, crisis, and continuity management news, tips, and advice