The world of security is constantly evolving. Benchmarks change, new exploits emerge, and solutions improve. However, one of the few steadfast security standards is ISO 27001, internationally recognized as the cornerstone of information security management compliance for nearly 20 years. That’s why I am proud to announce that Tecton has officially received its ISO 27001:2022 certification, ratifying Tecton’s conformity with the newest set of ISO 27001 standards.
What is ISO 27001 compliance?
ISO 27001 is the best-known standard for information security management systems. Alignment with this standard indicates that a company has a secure system that implements ISO 27001’s core components to protect data it owns and handles.
Furthermore, there are multiple versions of ISO 27001, with the most common certificate being ISO 27001:2013. The latest version, ISO 27001:2022, introduces a heightened focus on threat detection and incident response, making certification more challenging to obtain. Achieving this certificate underlines Tecton’s commitment to protecting customer data.
There are three key components to any ISO 27001 compliant system:
- Confidentiality: Access to data within the organization is solely available to intended parties
- Information Integrity: The organization’s data is authentic, accurate, and reliably stored through methods including encryption and replication
- Availability: Both the organization and its clients can access the data whenever necessary
From a significant reduction in cyber attack vulnerability, to the elimination of backdoors and unintended data access, to an assurance of complete data security, implementing all the above components will vastly improve any organization’s security posture.
How did Tecton achieve ISO certification?
The process included a lengthy and invasive third-party audit, consisting of various assessments on risk and readiness, as well as a detailed review of Tecton’s policy, control, and security documentation.
To prepare for the audit, we conducted an internal review of all security processes and documentation, iterating and improving where needed. Once the 8-month audit was underway, we fielded over 500 documentation requests, as well as thousands of follow-up questions. However daunting it felt to keep up with the auditors, the operation as a whole went quite smoothly, thanks to our dedicated DevOps and Security teams.
What is the difference between ISO 27001 & SOC 2 Type 2 Compliance?
The main difference is scope. SOC 2 Type 2 compliance—first achieved by Tecton in October 2021—is one of the other highly sought-after security standards. An ISO 27001 certification proves an organization manages and secures its data in accordance with the defined standard, while SOC 2 Type 2 compliance proves the organization’s critical data security controls have operated effectively across a months-long evaluation period.
What does this mean?
An ISO 27001:2022 certificate is our latest milestone in a never-ending journey to secure Tecton’s systems and managed data, in addition to our SOC 2 Type 2 certificate, continuous pentesting, and frequent internal reviews. Our goal with these certifications is to allow our customers to sleep soundly at night, knowing their data is safe and secure when using Tecton.