What is ISO 27001?
ISO 27001 is an international standard for information security, which provides a framework for the information security management system (ISMS) within an organisation. Like Dubber, ISO 27001 is all about constant improvement, and encourages a system that works to constantly optimise itself.
In order to gain certification, we developed and implemented a rigorous security management programme, including an ISMS. This management system went through a rigorous auditing process that thoroughly examined our approach to information security and the controls we have put in place. We were able to achieve this by establishing an ISMS leadership team, comprising of senior management, and an InfoSec lead to champion and to manage this within Dubber. We engaged InfoSec consultant QMIS in the early stages of the initiative and we leveraged the ISMS.online tool to enable us to centrally manage our ISMS, and to make ongoing governance easier for us in the long term. In order to receive our certificate, we worked with these cloud security specialists and were put through a rigorous auditing process that thoroughly examined the information security management and controls we have put in place.
“Our ISO 27001 certification is an important indication of our dedication to protecting the information handled by Dubber. Our approach to compliance and security has always been proactive and rooted in continuous improvement, and this certification shows our dedication and long-term commitment to data protection.”
— James Slaney, Dubber Head of Product
The key principles
The three tenets of an ISO 27001 compliant ISMS are:
- Confidentiality: ensuring access to information is restricted to certain authorised individuals
- Integrity: ensuring that information processing methods are consistently accurate and thorough
- Availability: making access to information and assets available to authorised individuals
How we protect data
Here are some of the ways we at Dubber are continually working to protect the data we process both on our platform and throughout our organisation:
- Establishing, maintaining, monitoring, reviewing, auditing and continually improving our ISMS
- Establishing, reviewing and communicating our information security objectives and performance measures
- Committing to satisfy business, legal, and regulatory and contractual security obligations
- Committing to continual improvement of our ISMS by seeking feedback from clients, staff, and through internal and external audits
- Ensuring that the ISMS is communicated with every member of the Dubber team