When planning our 2021 roadmap in Q4 2020, one of the most prominent themes was security. Although we’re not solely in the security category, as a fully managed service in the heart of our customers’ software supply chains, it was always paramount for what we do and still is. Ensuring the integrity and privacy of customer data is our top priority.
Although we’ve always paid particular attention to good security practices, such as aligning to OWASP’s ASVS framework, obtaining annual independent security audits, and empowering a community of bug bounty researchers, it wasn’t always easy to prove it. By aligning to a standardized framework, we could obtain certifiable proof that we’re doing security right.
As such: After nearly a year of effort in which we designated 2021 as the “Year of Security”, we’re incredibly proud to announce that we are now officially ISO27001:2013 certified. The certification is an incredible achievement by the team at Cloudsmith and excellent news for all of our customers. We are super excited about it, and hopefully, you are too!
So, when we say we take security seriously, we mean it.
What exactly is ISO27001:2013?
ISO27001:2013, also known as ISO27001, is an internationally recognized gold standard for managing information security. It details the requirements for implementing an Information Security Management System (ISMS) within organizations, with the ultimate aim to ensure that the information assets they possess are more secure.
Designed to cover much more than just IT, it is a complete end-to-end framework of policies and procedures that includes people, processes, and controls at all levels of the business. Unlike frameworks such as SOC2, an organization must be formally certified by independent International Organization for Standardization (ISO) accredited bodies.