When you're trusted with delicate information on a daily basis, you don't take security lightly.
Protecting our clients' sensitive data and aligning our work with their own security requirements is something we simply do. We've been doing it for years, but now it's also been affirmed by an independent third party – the leading international certification provider Bureau Veritas.
As of June 2021, Infinum is the proud holder of the ISO/IEC 27001:2013 certificate.
Why is our security important for our clients?
Do you know the old saying The chain is only as strong as its weakest link? A company may be secure as a fort, but those with malicious intents will try to find a back door, a less secure place where that company's data is accessible. This is what supply chain security is about. While most of our current and potential clients keep an admirable security level, it's difficult to stay immune to supply chain attacks.
We are doing everything in our power to be one step ahead and to prevent any security compromises. We carefully assess anything and anyone we work with – from our hardware and SaaS providers to our maintenance staff.
In practice, it means we implement various technical security measures such as obligatory data encryption and obligatory 2FA, as well as non-technical ones like employee awareness training. We do it to prevent any breach of confidentiality, integrity, and availability of information. It also means we regularly conduct internal audits where we review our compliance with our own security measures.
Our clients can rest assured that we guard the information they place in our hands securely. We take into account all imaginable levels, from technical to legal and HR. Furthermore, an independent and reliable third party confirmed that we satisfy the strict, detailed criteria prescribed by international authorities.
What does ISO stand for?
ISO stands for International Organization for Standardization, an independent team of international experts who set the standards for what it means to be of great quality. IEC is the International Electrotechnical Commission, the world's leading organization for international standards in the field of electrotechnology (electrical, electronic, and related technologies). Together, the two represent the highest authority for information security standards.
The ISO/IEC 27001:2013 is the most robust international standard for information security.
The standard prescribes what it means to establish an information security management system within an organization, defines how an organization should implement such a system, maintain it, and continually improve it, as well as lays out the requirements for handling security risks.
To achieve this certification, we had to prove our continuous commitment to handling all types of sensitive information, whether that information relates to a business, their employees, or their customers.
Continuous commitment to security
With cyber-attacks making headlines and the threat landscape evolving every day, you can never become complacent about your current level of security.
In the words of the legendary computer security expert Eugene Spafford, "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."
Since our systems are much more functional when there's no concrete poured over them, we remain committed to investing continuous effort in raising the level of security. Information Security Management certification is proof we're headed in the right direction.
Thanks Nikolina Fuzul for the cover illustration.