At Rustici Software, we have always considered security important. Today, I am glad to announce that three Rustici products have received ISO-27001 certification:
ISO certification was awarded by A-lign, an independent, third-party auditor. A-lign is an ISO/IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISO 27001 ISMS certifications.
How we worked towards ISO certification
About eighteen months ago, we began working towards ISO-27001 certification in earnest as a way to confirm our security efforts. ISO-27001 certification not only validates security for us but, more importantly, for you, our customers. To get there, we followed a typical approach to ISO-27001 implementation of an Information Security Management System (ISMS).
In broad strokes, that process involves:
- Defining a scope
- Taking inventory of all information assets (servers, databases, S3 buckets, etc.)
- Identifying the risks to those assets
- Determining which existing controls are applicable to the identified risks
- Deciding what actions to take to address the remaining risks
What we learned and how we’re moving forward
We learned a lot in this process. Along the way, we identified several areas that needed improvement. Now, our backups, disaster recovery plan, and application security are more robust than ever. Those improvements only occurred because we took on ISO-27001 certification.
Even with the last eighteen months of work behind us, we are not done yet. Achieving certification in no way means we have a perfect ISMS or that we are 100% secure. It doesn’t mean that malicious or catastrophic events will never impact our services. Certification means we have formalized IT Security policies and procedures. We have implemented several security measures that protect our products from unauthorized access or compromise. It also means we remain committed to improving our ISMS and our security posture.
Rustici’s commitment to security
Achieving our first letter of certification is significant and took a decisive effort. The most important benefits, however, come from maintaining our ISO-27001 certification. With every year we maintain it, our products grow more reliable and secure. The idea of continual improvement rests at the core of ISO-27001 and at the core of how we operate here at Rustici Software.