Announcing Digital Shadows’ ISO27001 certification

Rick Holland
May 7, 2019

I’m pleased to announce that Digital Shadows has recently achieved an important compliance milestone for our customers. After a concerted effort across the organization, we have earned the ISO/IEC 27001:2013 certification. You can find our certificate here. 


So what is ISO27001? This is my first experience working directly with ISO27001. It is an international standard that provides requirements for establishing and maintaining an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.



The standard includes 114 controls across the following clauses:

  • 5: Information security policies
  • 6: Organization of information security
  • 7: Human resource security
  • 8: Asset management
  • 9: Access control
  • 10: Cryptography
  • 11: Physical and environmental security
  • 12: Operations security
  • 13: Communications security
  • 14: System acquisition, development and maintenance
  • 15: Supplier relationships
  • 16: Information security incident management
  • 17: Information security aspects of business continuity management
  • 18: Compliance; with internal requirements, such as policies, and with external requirements, such as laws


What ISO27001 isn’t. ISO27001 isn’t a magical checkbox that wards off adversaries. It won’t defeat attackers like Valyrian steel on a white walker. When we started this journey, I was skeptical, having flashbacks of the Payment Card Industry Data Security Standard (PCI DSS) and all the debate around checkbox security.


Why does it matter? For me, ISO27001 matters because it forced us to mature our overall program. Over the past eighteen months, we’ve implemented many new controls that help us to better protect our clients’ data and help to ensure the availability of SearchLight, our digital risk protection offering. I’m not saying these new controls will prevent intrusions and outages, but our resiliency certainly has matured, and our customers have benefited. ISO27001 has become a critical component of our overall risk management strategy.

I’m proud of the Digital Shadows team for accomplishing this milestone, but as you well know, there is no finish line. We have new offices to bring into the ISO27001 fold, and we have to maintain the certification.

We recently recorded an interview discussing the certification; you can check it out below.


