Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
I’m pleased to announce that Digital Shadows has recently achieved an important compliance milestone for our customers. After a concerted effort across the organization, we have earned the ISO/IEC 27001:2013 certification. You can find our certificate here.
So what is ISO27001? This is my first experience working directly with ISO27001. It is an international standard that provides requirements for establishing and maintaining an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.
The standard includes 114 controls across the following clauses:
What ISO27001 isn’t. ISO27001 isn’t a magical checkbox that wards off adversaries. It won’t defeat attackers like Valyrian steel on a white walker. When we started this journey, I was skeptical, having flashbacks of the Payment Card Industry Data Security Standard (PCI DSS) and all the debate around checkbox security.
Why does it matter? For me, ISO27001 matters because it forced us to mature our overall program. Over the past eighteen months, we’ve implemented many new controls that help us to better protect our clients’ data and help to ensure the availability of SearchLight, our digital risk protection offering. I’m not saying these new controls will prevent intrusions and outages, but our resiliency certainly has matured, and our customers have benefited. ISO27001 has become a critical component of our overall risk management strategy.
I’m proud of the Digital Shadows team for accomplishing this milestone, but as you well know, there is no finish line. We have new offices to bring into the ISO27001 fold, and we have to maintain the certification.
We recently recorded an interview discussing the certification; you can check it out below.
To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.