Last January, after an exhaustive analysis of all our systems and services, Demand Logic attained the ISO 27001 Information Security certification. As an organisation that has IT at the centre of everything it does, security is paramount to the success of the company and to the trust that our customers place in us.
Demand Logic takes security very seriously, so, in order to achieve certification, it wasn’t enough to follow the letter of the ISO 27001 standard. We had to delve deep into the meaning of it, understanding every nuance of every clause and control, and applying those to our organisation.
Security is about protecting the confidentiality, integrity and availability of data. To achieve ironclad security, we analysed all the assets that we own and operate, including servers, applications, physical devices, and even people. We looked at how those assets were accessed, and hunted for any weaknesses. We made sure that full security measures were in place for all entry points into our systems and workplaces.
In many cases, achieving the standard was about clarifying and documenting what we do naturally. In other cases, it was about streamlining our processes and ensuring that we follow them consistently. To demonstrate our compliance with the standard, and to make certain that all staff members understand the importance of security and how to implement it, we documented all our policies and procedures, and trained our staff in the intricacies of security management.
Demand Logic maintains a security management system that is designed to implement all aspects of security throughout the organisation. We conduct regular security audits of this system, as well as our IT systems and services, to ensure that security remains airtight. We constantly look for ways to improve our security, and keep tabs on developments in the world of cyber crime so that we stay protected no matter what threats may come our way.
ISO 27001 requires implementing the standard throughout everything we do. It has allowed us to step back and take a look at the bigger picture. In so doing, we have enhanced our roadmap for the future so that Demand Logic will continue to grow and stay far ahead of its competition.
Among many areas of improvement, we’re moving our system to Kubernetes on the Google Cloud Platform, to make it easier to bring new features to the platform while making security easier to manage on a daily basis. Kubernetes allows us to streamline the deployment of the platform, and standardise the services within it.
We’re also introducing improved logging and monitoring facilities to help ensure the Demand Logic platform is always ready to serve our customers. These facilities will help us provide continuous improvement in areas of platform response time and availability.
A new process for responding to incidents has been introduced that improves our ability to respond quickly and efficiently to any problems in IT security as well as any breaches in personal data security.
Our disaster recovery processes have been improved so that recovery time is even faster, in the unlikely event that anything interrupts the service.
We are very proud of the security measures we have in place and the systems we’ve designed around them. We are confident that our customers’ data is very safe in our hands, yet we remain ever vigilant against possible threats going forwards and committed to improving our ability to meet them.