At Persona, our goal is to enable trust between businesses and their customers. One of the biggest ways we do this is by ensuring we keep PII and other data stored in our system safe. That’s why we’re proud to announce that we’ve obtained our ISO 27001 certification.
What is ISO 27001?
ISO 27001 is a rigorous certification that demonstrates our Information Security Management System (ISMS)’s adherence to international standards set by the International Organization for Standardization. It’s one of the most widely recognized and globally accepted security and privacy certifications an organization can obtain and demonstrates our commitment to maintaining and protecting information security.
What does our ISO 27001 certification mean for you?
While our SOC 2 certification shows that we have the proper controls to keep data secure, confidential, and private, our ISO 27001 certification expands our security posture by demonstrating our commitment to continuous improvement, development, and protection of sensitive data by implementing appropriate risk treatments, policies, and controls.
To get certified, we had to pass an extensive audit and demonstrate a systematic and documented approach to protecting and managing sensitive company and customer information — such as intellectual property, employee and customer data, and other information third parties trust us with — via enterprise-grade best practices.
Specifically, our ISMS includes:
- Continuous monitoring of over 100 internal security controls against the highest possible standards to ensure we remain compliant
- Annual security trainings to ensure each Personerd employs best practices when handling customer data
- Data encryption (both in transit and at rest)
- Annual internal audits conducted by independent and competent personnel, as defined by the ISO standard
- Secure software development that uses data security and vulnerability checks throughout the development lifecycle
- Risk management program driven by annual risk assessments and their resulting Risk Treatment Plans
In short, you can trust that we have implemented policies, processes, and people to keep your data secure. Our certification shows that we meet the highest standards for establishing, implementing, maintaining, and continually improving our ISMS.
At Persona, security is at the forefront of everything we do. In addition to recertifying every year, we plan on continuing to pursue additional security measures and certifications to demonstrate our commitment to security and privacy. For example, we’re currently applying to become a NIST 800-63 rev.3 service provider. We’re also GDPR, CCPA, and HIPAA compliant, further validating our secure data practices.