As a Software-as-a-Service (SaaS) provider, data security is our top priority.
To ensure that our company meets best practices for data security, our information security management system and security controls comply with the ISO/IEC 27001 and ISO/IEC 27017 standards, as well as the Cloud Controls Matrix (CCM) provided by the Cloud Security Alliance (CSA).
ISO/IEC 27001 is an international standard that outlines a framework for managing and protecting sensitive company information. It is designed to help organizations ensure that their information assets are adequately protected against threats such as unauthorized access, disclosure, disruption, or destruction.
ISO/IEC 27017 is a set of guidelines for cloud service providers (CSPs) to ensure that their cloud services are secure and protect the confidentiality, integrity, and availability of their customers' data. It is a part of the ISO/IEC 27000 family of standards and provides a framework for implementing and maintaining information security controls specifically tailored for cloud services. The standard covers a range of topics, including cloud-specific threats and risks, security roles and responsibilities, access controls, data backup, and recovery. It also includes recommendations for CSPs on how to manage and monitor their security controls and how to respond to security incidents. The goal of ISO/IEC 27017 is to provide a common set of security controls that can be implemented by CSPs to ensure that their cloud services are secure and meet the needs of their customers.
The Cloud Controls Matrix (CCM), on the other hand, is a tool provided by the Cloud Security Alliance (CSA) that helps us assess and improve our security in the cloud. The CCM provides a set of security controls that are organized into categories, such as access control, data security, network security, cryptography, business continuity, compliance, and incident management. These controls are designed to help organizations secure their cloud environments and protect sensitive data from threats and vulnerabilities.
Compliance with the ISO/IEC 27001 standard and the CCM shows that our company takes data security seriously. This has helped us build trust and confidence with our customers, as they know their sensitive data is being properly protected.
To learn more about why SaaS companies should comply with the ISO/IEC 27001 security standard and the CSA Cloud Controls Matrix (CCM), read our blog post.
To learn more about why SaaS companies should comply with the ISO/IEC 27017 standard for Cloud Service Providers (CSPs), read our blog post.