itslearning is now ISO27001 certified

John Erik Mathiassen, Security Architect, itslearning
April 15, 2020

We are incredibly proud to announce that itslearning is now ISO 27001 certified. ISO 27001 is one of the most widely recognized international standards for information security management. The standard identifies requirements for a comprehensive Information Security Management System (ISMS) and defines what an organization has to do to manage data more securely.

We started the project of becoming ISO 27001 certified mid 2019. This meant checking and confirming that all our internal processes conformed to ISO 27001 requirements. Our processes were then checked by an independent team of auditors.

What does being ISO 27001 certified mean for our users?

But it doesn’t stop with just getting the certificate. Being ISO certified also means that we must continuously ensure our processes meet the international standard, routinely run them and keep up to date records. We will also be inspected every year by DNV-GL with a re-certification process done every third year.

What this simply means for you, as the user, is that your data is even more secure than before.

“We have long had a systematic approach to information security because we have been committed from Day 1 to data security and protection.”

One of the main processes is risk management – to identify, analyze and evaluate any weakness in the information security processes. This means the information and asset engineers must do regular risk assessments and follow up with a risk treatment plan. This is nothing new for us.

A commitment from every single itslearning employee

We have long had a systematic approach to information security because we have been committed from Day 1 to data security and protection. It is also the duty of every single employee at itslearning to be cognizant of information security management. This means that anyone working in itslearning has an obligation to alert the Security Architect if they suspect a vulnerability. We are all in this together.

To receive the ISO 27001 certificate, our security compliance was validated by the independent audit firm, DNV-GL, after a rigorous process of demonstrating an ongoing and systematic approach to managing and protecting company and customer data. We put in a lot of hard work to become certified, so we are, naturally, incredibly proud of our achievement and our continued commitment to data security.

Protecting data, yours as well as ours, is very important to us and this ISO 27001 certification is another milestone in our ongoing journey. We remain vigilant and have now outlined a more comprehensive security compliance roadmap, so watch this space for more updates.