ISO 27001

ISO/IEC 27001 is an international standard that outlines best practices for information security management. It provides a framework for protecting sensitive information, such as personal data and company secrets, from unauthorized access, use, disclosure, disruption, modification, or destruction.

‍
As an employee advocacy platform, we must ensure the confidentiality, integrity, and availability of our users' data. Adhering to ISO 27001 helps us demonstrate our commitment to information security and instill trust in our users.

‍
Some key components of the standard include:

• Risk assessment and management: Evaluating the potential threats to our users' data and implementing measures to mitigate those risks.
• Access control: Implementing strict access controls ensures that only authorized personnel can access sensitive information.
• Incident management: Having processes to quickly identify and respond to security incidents.
• Regular review and assessment: Regularly review and assess our information security practices to ensure they remain effective and up-to-date.

Certification is in progress. In mid-August 2023, the first audit is scheduled, and we will receive the first certificate. By following the guidelines set forth by ISO 27001, we can ensure that our users' data is protected and secure and that we remain a trusted and reliable employee advocacy platform.

‍