Understanding ISO 27k Certificates: Impact on Products and Services
September 29, 2023
Introduction to ISO27k and ISO 27001
ISO/IEC 27000-series, or ISO27k in short, is a family of standards that set a comprehensive framework for identifying, managing, and mitigating information security risks. The beauty of ISO27k is that implementing these standards can be tailored to your company’s needs and can ultimately bring numerous benefits to the company, regardless of its size or industry.
ISO 27001 is a specific standard within the ISO27k family, which focuses on the design of Information Security Management Systems (ISMS). It provides a systematic approach for managing sensitive company information, ensuring its confidentiality, integrity, and availability, and is one of the most widely recognized and adopted information security standards globally. Let’s dive a bit deeper into the significance of obtaining ISO 27001 certification.
The Significance of ISO 27001 Certification
Companies that achieve ISO 27001 certification have undergone a rigorous assessment and regular independent audit process by an accredited certification body. This certification means that the organization complies with globally accepted information security best practices, and maintaining the certification indicates a commitment to continuous compliance and improvement of its security posture. Another significant standard in the ISO27k series is ISO 27701, which we will explore next.
Introduction to ISO 27701 and Compliance
ISO 27701 is a privacy extension to ISO 27001, which means it builds upon its foundation and adds specific requirements for managing privacy information within an organization. The standard provides guidelines for implementing a Privacy Information Management System (PIMS) and is designed to help organizations comply with privacy laws and regulations, such as the European Union’s General Data Protection Regulation (GDPR) and numerous other privacy frameworks worldwide.
At Microblink, we are committed to adhering to these standards to ensure the utmost security and privacy for our customers.
Microblink’s Commitment to Security and Privacy
In summary, by maintaining these certificates and related practices, Microblink wants to reassure our customers that we take privacy and security seriously and that we will handle their data and services with utmost care. In a world in which it is becoming increasingly common to use someone’s personal data without their knowledge or consent, or to pressure someone into giving consent for the improvement of some commercial services, Microblink wants to be completely transparent and clear about our use of personal data. If a customer decides to share their data with us, we will do everything we can to protect that data and use it only for the purpose we have received the consent for and only for the duration of that consent.
Products related to the management of personal and identification documents are a staple here at Microblink, and we are proud of how fast and accurately they work. These products handle personal information and, depending on the type of service, some of that data are sent to and processed by Microblink. Let’s look at how we ensure data security, privacy, and compliance at Microblink.
Ensuring Data Security, Privacy, and Compliance at Microblink
Furthermore, we use images of personal and identification documents to improve our products and services, and to train the AI models to become even more efficient. This meticulously planned process is done with security and privacy among the most important requirements. The facilities we use for data annotation and model training are designed with a high level of physical security and privacy protection in mind.
We are constantly reviewing and tightening measures to make sure that access to personal data is restricted and a need-to-know principle is adequately applied, with regular user access reviews. We also believe that employee awareness is key, so that every person working with confidential data can notice when something is not done right and suggest improvements. That’s why we conduct regular security and privacy training and workshops on different levels and with specific risks in mind. We also regularly conduct incident response and business continuity exercises and try to include many different systems and organizational units. Every person in the organization is accountable for the data we are responsible for.
Our development practices also follow strict security and privacy by design and by default principles, which are established to take care of those risks from the initial stages of product development. This means that we implement only recommended encryption algorithms for data at rest and in transit, we apply security hardening wherever we can, we keep tabs on potential vulnerabilities, and we conduct regular independent penetration tests of our products and services. We also understand how important supply chain security and third-party risk are, now more than ever, which is why we make sure that all of our critical vendors and partners are following the same practices as we are, and that our contractors are on board with our internal security and privacy policies. All these measures contribute to the security of our products and services, reinforcing the trust that our customers place in us.
Trust in Microblink’s Secure Products and Services
All of this is why we are also proud of how secure our products are. But don’t worry, those security and privacy standards and best practices are not limited to our identity line of products.
Microblink’s entire organization understands how valuable your data and services are, together with the trust of your clients, and we want you to unreservedly extend that trust to us.