ISO 27001

At Mersive Technologies, keeping customer and stakeholder data secure is our top priority. To demonstrate that our systems and controls have been designed appropriately to achieve that goal, we sought out an independent assessment from an accredited auditing firm, BARR Certifications.

“Achieving ISO 27001 certification demonstrates Mersive’s commitment to upholding the highest standards of information security,” said Cameron Kline, director of BARR’s attest services practice. “We’re proud to work with an organization that cares about building trust and makes safeguarding sensitive data a top priority.”

In this blog post, we explain what it means to achieve ISO/IEC 27001 certification and why we chose to undergo this rigorous compliance audit.

What Is ISO/IEC 27001?

Considered the gold standard in information security, ISO/IEC 27001 is an internationally accepted compliance standard that mandates numerous controls for the establishment, operation, monitoring, maintenance, and continual improvement of an Information Security Management System (ISMS).

The certification attests that an organization has deep-rooted methodologies for business, people, and IT processes, along with an established framework to help identify, manage, and reduce risks surrounding information security.

In simpler terms, achieving ISO/IEC 27001 certification demonstrates that an organization adheres to industry standards for designing, maintaining, and continuously improving its security posture.

How Does The Certification Process Work?

Pursuing ISO/IEC 27001 certification is a multi-step process that begins with an internal audit assessing whether an organization’s ISMS has been developed, implemented, and maintained in accordance with the organization’s own standards, as well as those defined by ISO and the International Electrotechnical Commission (IEC).

Following the internal audit, organizations pursuing ISO/IEC 27001 certification are ready to begin the two-stage remediation and certification process, commonly known as the “certification audit.”

During Stage 1, an accredited third-party auditor tests the design of the organization’s ISMS, including reviewing documentation, identifying potential nonconformities, and evaluating the organization’s plan to remediate any issues. Organizations that successfully complete Stage 1 then move on to Stage 2, where the auditor tests the effectiveness of the ISMS, including ensuring areas of concern have been remediated.

At the conclusion of both stages, the auditor reviews the results of their assessments and makes a final decision on certification.

Why Did We Pursue ISO/IEC 27001 Certification?

Achieving certification against this internationally recognized standard marks a huge step forward in Mersive’s efforts to cement our commitment to data security and ensure that we’re prepared to face the challenges of the ever-changing cybersecurity landscape.

“We are thrilled to announce that Mersive has recently achieved the prestigious ISO/IEC 27001 certification,” said Alan Young, Mersive’s Chief Product Officer and Chief Information Security Officer. “This milestone not only demonstrates our unwavering commitment to data security and customer privacy but also reinforces our dedication to providing secure and innovative solutions that our clients can trust.”

Where Can I Go For More Information?

Our auditor digs deeper into the steps involved in pursuing and achieving ISO 27001 certification in a series of blog posts:

Everything You Need to Know About ISO 27001 Certification: Part 1—The Internal Audit

Everything You Need to Know About ISO 27001 Certification: Part 2—Stage 1 and Stage 2

If you are interested in obtaining a copy of our ISO/IEC 27001 certification report, please contact sales@mersive.com.