Current compliance – ISO/IEC 27001:2022 certified
Information security, cybersecurity, and privacy protection.
Following a successful transition audit by TÜV, we transitioned from our existing ISO27001:2017 standard to the new and current :2022 version. With that, we continue our commitment to information security, cloud readiness and privacy protection.
2017 vs 2022: what changed?
We sat down with our CISO, Bas Loen, to break it down a little. He explains that regulations like ISO27001 evolve constantly to stay relevant to equally evolving risks. For the updated :2022 standard, for instance, a number of controls have been updated, restructured and added since the last version, such as those for cloud services, remote work, threat intelligence and secure configuration.
Virtual by design
As with :2017, we were audited again as a “virtual organization”, Bas continues, meaning that 29 controls are excluded from the full scope of the ISO27001 audit because they do not apply. Think no server rooms, no on-prem data centers, no central IT closet. Instead, we’re aligned with the actual operation and standards for a digital-first organization.
Double milestone
Successfully completing the audit is an achievement in itself. But this time it was even more so, as we brought our German operations in under the same certificate, unifying our approach to security posture and standards across the markets in which we operate.
If you are navigating ISO27001 as a modern, cloud-native “virtual organization”, preparing for an audit yourself, or curious to know more about what a remote audit looks like, feel more than welcome to reach out for a chat. We’d be happy to share some of our learnings!