At GLX Digital, the security and privacy of our customer data is our highest priority. In fact, we’re so focused on keeping our information assets secure that achieving ISO 27001 certification was a non-negotiable for our business.
But what does this actually mean, and why should our customers care? David Wilson, GLX Digital Chief Technology Officer, explains further below.
What is ISO 27001 certification?
ISO standards are agreed on by a panel of international experts. Considered best practice for making products, managing processes, delivering services or supplying materials, the standards cover a wide range of products and services.
Specifically, ISO 27001 (or ISO/IEC 27001:2013 as it’s also known) is the gold standard for ISMS (Information Security Management System).
“ISO 27001 is one of the International Standards Organisation's (ISO) quality standards and enables an organisation, regardless of its industry, to best manage the security of assets such as financial information, intellectual property, employee and third party details,” explains David.
“GLX Digital specialises in building solutions for enterprise customers. The ISO 27001 certification confirms that a qualified, independent auditor has assessed that our ISMS – policies and procedures around information security – is appropriate and operational.”
Why does ISO 27001 certification matter to our customers?
While GLX is legally bound by various privacy and data protection legislation (see below), obtaining ISO 27001 certification is completely voluntary. We choose to adhere to the standard because we see it as best practice and a way of guaranteeing our customers’ data privacy and security.
“ISO 27001 certification provides complete confidence that our practices, procedures and controls meet our customers’ most stringent requirements,” says David.
“Customers can be assured that our policies, procedures and practices are fit for purpose and protect the confidentiality and integrity of our services.”
The bottom line? Our ISO 27001 certification gives our customers confidence that our practices, procedures and controls meet industry best practice requirements.
What does it take to gain and maintain ISO 27001 certification?
Achieving ISO 27001 certification is no mean feat. It’s an exhaustive process through which companies must demonstrate they have policies, processes and systems in place to protect data across around 145 different areas.
“Typically, the process of certification takes 12 to 18 months,” explains David. “Prior to certification we undertook a full internal audit and two external audits, so in our case we had the majority of the systems in place. Documenting and formalising the processes has resulted in an ISMS with continuous improvement based on ongoing risk assessments.”
Keeping ISO 27001 certification is an equally rigorous process.
“Annual surveillance audits and triennial certification audits are part of the process for retaining certification. It's not just a trophy for the pool room, but an ongoing commitment to InfoSec.
“Continuous improvement, based on risk assessment, is entirely compatible with our Agile DevOps processes, and we have found the combination to be valuable.”
What else does GLX Digital do to ensure your data security?
In total, GLX Digital is bound by four sets of privacy legislation and standards. All, except ISO, are mandatory and include:
In addition, GLX uses Amazon Web Services (AWS) for security management and tooling, including encryption, logging, architecture and monitoring.
Our development team employs secure coding techniques and best practices, providing multiple layers of security controls and technologies to protect access to, and within, our environment.
We conduct background screening checks at the time of hire for all new employees and grant access to systems on a need-to-know basis. Permissions are reviewed quarterly and revoked immediately after an employee leaves the company or is reassigned.
And to further ensure the security and protection of your data, we offer (and recommend) two-step authentication, encrypt any data stored on our servers, and protect data transferred between regions for backup and replication using industry-standard TLS (Transport Layer Security).