After months of hard work lead by our Head of Operations, Jack, and CTO, Gus, and supported by the whole Deazy team, we are excited to announce that we are officially ISO 27001 certified! This is a really important milestone for Deazy as a rigorous check and seal of approval on our information security standards, ensuring that we can continue to onboard some of the biggest enterprises across the globe.
ISO 27001 certification is an international security standard, defining how to manage info security in the safest way possible. Recognised as the highest standard of information security, the certification guides businesses on the implementation, support, and measurement of all digital asset management. From scope and leadership, to planning risk management, and improvements, the certification encompasses all areas of information security.
Aside from being an internationally recognised certification of excellent information security, operating inline with ISO certification standards assures that Deazy is as protected as possible against potential data breaches.
ISO 27001 Certification gives Deazy’s clients tangible assurance that our team keeps all information secure, and that our policies have the highest level of attack resilience. What’s more, the certification creates frameworks for the future, to help our team grow sustainably.
Talking about the certification, Deazy’s CTO Gus Chadney said: “We chose to get ISO 27001 certification because we recognise that this would be hugely beneficial as we put new systems, processes and policies in place and built a solid foundation for our information security.”
“ISO 27001 gives us a framework to continually improve how we operate on a day-to-day basis; ensuring that as we grow, we have a clear way of working when it comes to onboarding new employees, new clients and delivery partners.”
Creating policies and frameworks which keep information security in-mind every step of the way applies to both our own team and our wider ecosystem. We’re working hard to give our delivery partners access to information about security standards and encourage them to update their own policies to be in line with ISO 27001’s guidelines.
When onboarding Delivery Partners, our team also goes through a number of due diligence steps to explore each development team's security policies. [testimonial]To join Deazy’s ecosystem, teams are asked to complete an in-depth InfoSec survey and are assigned a risk score. Teams who go above and beyond our rigorous security threshold score, are given access to an initial project to work on whilst being encouraged to improve any security standards highlighted for further improvement.
Our team is also working on implementing new educational initiatives to raise awareness about the importance of information security. This will allow our delivery partners to continually improve their own cybersecurity policies and eventually become ISO 27001 certified themselves.
Deazy was able to achieve their ISO 27001 certification with the help of Securious Academy. Our team approached Securious in 2020, in order to create an information security framework that could be built from the ground up.
Implementing good practice, which can be applied as Deazy’s team scales and builds, has helped eliminate the hard job of having to re-implement and change policies in the future
“Working with Securious has been very valuable!'' Jack, Deazy’s Head of Operations. “Some see the world of information security as a bit ‘boring’, but Securious continually relates it to genuine business problems, and how important it is to get right - this is key when setting up a system to work across Deazy.”
Elaborating on the experience of working with Securious, Gus added: “When implementing the ISO 27001 standard, the traditional consultancy approach could have worked for us. However, the way the Securious Academy gave us bite-size blocks for building our information security systems gave us flexibility around our workload and meant Securious were always on-hand to bounce ideas and generally support the implementation.”
The achievement of ISO 27001 certification is just the first step in ensuring that as our team grows all client and internal data is kept safe. We are now exploring ways to continually improve information security standards and manage our policies across the whole ecosystem.
We are also working on finding new tools and services which can support the growth of partners - while simultaneously mitigating and reducing risk of security breaches.