What is ISO certification? We have all the information at a glance!
A few weeks ago, Mindable Health received the DIN EN ISO/IEC 27001:2017 (ISO 27001) certification. But what does this actually mean for our company and the users of our app?
In this article, you’ll learn what an ISO certification is and why it’s especially important for digital businesses.
ISO – what does it stand for?
ISO is the short form for International Standardisation Organization or International Organisation for Standards (https://www.iso.org). As the name suggests, this organisation develops standardised norms. Standards are rules, guidelines or characteristics for technical circumstances and different procedures. This sounds complicated at first, but in fact these standards simplify our everyday life. The best-known standard is probably EN ISO 216 or DIN 476, which defines the paper format of a DIN A4 sheet. Standards also ensure, for example, that a light bulb fits into your socket at home no matter which manufacturer you buy it from, that all screws of one kind look the same, and that your USB stick fits into every computer.
In our case, we are talking about standards for different management systems in companies. There is not just one standard, but a whole set of rules with many standards. If a company fulfils a standard, it can have this certified. There are many different certificates, each referring to a different area. In the next section, we will look at the ISO 27001:2017 certification that Mindable holds.
What is the ISO 27001 certification?
ISO 27001 certification refers to 114 objectives that are defined, measured and audited through rules and guidelines in the area of information security. The focus is on the protection of data processed within a company. This includes, among much other information, user information, employee information and health information. Certification guarantees that each piece of information is protected according to its level of confidentiality.
And what does the name of the standard actually mean?
DIN EN ISO/IEC 27001:2017 is the full name of the standard to which Mindable Health is certified. ISO standards are developed by the ISO standards body, and IEC standards are developed by the International Electrotechnical Commission (IEC). EN standards are usually ISO or IEC standards that have been harmonised by the European Commission. DIN stands for Deutsches Institut für Normung (German Institute for Standardisation), which in turn published a German version of the standard in 2017. This alone shows that many parties are involved in creating a standard.
Why is this certification important for us?
Mindable Health is a technology-based company and, like many others, we rely on selected IT systems. In the worst case, vulnerabilities in these systems can lead to data loss, disclosure or manipulation. Because our company comes into contact with sensitive health data of app users, information security is a particularly high priority for us.
By implementing an international management system that is audited and certified by an accredited testing and certification body, we protect all data from the risks and threats of the digital age. This way, we make sure that all data in the app really belongs only to the user! In addition, information security is continuously checked and improved by external experts.
Here are the key advantages of ISO 27001 certification in a nutshell:
- Internationally recognised information security management system (ISMS) standards are complied with
- Information security is continuously checked and established
- Conscientious handling of information
- Awareness of IT risks
- IT risks, potential damage and consequences of digital attacks are minimised and controlled
- Information security throughout the company: Management responsibility & training of employees
How does Mindable guarantee information security?
Mindable focuses in particular on the confidentiality and integrity of users’ data. Regular measures are taken to ensure this protection. These include, among other things, the internal review of the information security management system (ISMS), the regular assessment of threats (risk management), the evaluation of detected vulnerabilities (incident management), the review of implemented measures and the regular training of management and staff. In addition, we are constantly improving our system, because we want to ensure information security not only at the present time, but also in the future.
Who certifies ISO?
ISO itself does not award certificates. These are issued by certification bodies. These certification bodies are first examined in detail, because they also have to fulfil certain ISO standards. It is also important that the certification bodies have expertise and are independent and neutral. If all requirements are met, they can assess, audit and ultimately certify companies.
Norms and standards are not always as recognisable as a sheet of paper or a light bulb socket. An ISO certificate lets you recognise at a glance which companies align their IT systems with international standards and have been externally assessed. By the way, applying for an ISO certificate is not mandatory. We have taken this extra step to guarantee that your data and information are really safe with us.
If you would like to learn more about protecting your data in the Mindable app, click here.