Confident that our information security management is in line with international best practice, we recently applied for independent recognition of this through the International Organisation for Standardisation (ISO).
Well, the great news is we’ve been (very) rigorously audited and assessed, and Workable is now officially ISO 27001:2013 certified.
What does it mean to have ISO 27001 accreditation?
Having this certification is public recognition that what we’re doing internally to ensure ongoing data protection meets the highest, worldwide security standards.
What that means day-to-day is that we’ve got powerful processes and policies in place to regularly check for threats and vulnerabilities. And that we’re robust and resilient to those potential threats. In a nutshell—what it means is “We’ve got your back”.
David Hartig, our COO, explains, “This accreditation is a tick in the box for us as we were on a secure track beforehand. We understand the importance of these controls and have implemented them from the very beginning. But we wanted to give our customers an added level of confidence that we’re a secure organisation. That’s why we went for accreditation.
What ISO prompted us to do was to formalize our process and make it more traceable. So what we’ve been working hard on is making it easier to track, audit and evidence what we had in place already.
Being ISO 27001-accredited isn’t just about being able to prove that our tech is safe and secure. It’s about being able to prove that Workable as a company, its employees and infrastructure, is operating safely and securely too.”
Will there be any change for our customers?
For our existing 6000+ customers it’s business as usual, with the added reassurance that as we continue to grow as an organisation our commitment to maintaining the highest standards of security will grow with us. We’ll continue to invest in ongoing cyber-security training to promote an organisational culture that reinforces the protection provided by our software and systems.
For prospective customers, we’re now able to offer the added level of confidence that comes with formal third-party accreditation. So, however large or small your candidate database, you can join us knowing that we’ve got the controls in place to securely scale up and manage your biggest and most valuable asset – your candidates’ confidential data.
“We can now show customers that we’re a robustly secure organisation,” says David. “They can see the certificate. They don’t have to take our word for it. Independent experts have assessed, audited and approved our processes and policies. And they will continue to have oversight of what we do through quarterly internal and annual external audits.”
How does this link up with GDPR?
Having ISO 27001 certification takes on extra significance with the implementation of GDPR looming.
“GDPR bases itself on a security standard,” says David. “And for the most part they point to ISO 27001 as being the basis for a secure environment. So, arguably, if you don’t have ISO 27001 certification or you can’t meet the requirements of the certification it’s going to be tougher to prove that you’re GDPR-compliant.”
Find out more about how Workable meets security standards
From access controls to single sign-on, data protection to data encryption, Workable’s operating model has centered around security from day one.