Achieving ISO 27001:2013 certification and Workplace approval demonstrates our continued commitment to privacy, information and data security as well as ensuring we comply with international best practices.
We take security and privacy very seriously at The Bot Platform and we’re always doing everything we can to protect the data of our customers, partners and staff.
A few weeks ago we announced that we had been approved as a UK Government Supplier and are featured on their G-Cloud 11 Digital Marketplace. This was part of a broader security push and we’re very proud to announce that The Bot Platform has also achieved ISO 27001:2013 certification.
What is ISO 27001?
The short answer is that ISO 27001 is a framework for managing information security. The longer answer is that ISO/IEC 27001 is an internationally recognised standard designed to ensure that risks to the security of systems and information are identified and managed on an ongoing basis. It represents one of the most well-regarded and accepted standards for the security of enterprise software and systems.
The International Organization for Standardization (ISO) is an independent, non-governmental organization that brings together experts to share knowledge and develop consensus-based international standards.
There are many benefits that come from being ISO 27001 certified, but it requires a huge amount of work and commitment from the company and employees to ensure that we’re creating and adopting procedures that cover data security and privacy, and that we’re able to prove that we’re following these processes throughout the organization.
How we achieved ISO certification
In order to get our ISO 27001:2013 accreditation we went through an exhaustive three-day audit of our Information Security Program covering all sorts of things such as…
- The Bot Platform infrastructure and associated systems
- Software design and development practices
- Information security, data and privacy policies
- Physical locations and remote working policies
- Customer and third-party data policies and processes
- Security and risk management policies and procedures
As well as compiling all this information, we had to ensure not only that all TBP staff were aware of and trained in our policies, but also that we had a clear training and audit log of when TBP staff members had both read and demonstrated understanding of our information security policies and procedures.
Sending out security policies, checking in with staff to ensure they’ve been read and creating trackable training logs could have been a hugely manual task. But, luckily for us, we’re pretty good at building automation tools that make us more productive and so we built ourselves a Compliance bot that sent messages to all our staff members with information on different training programs, ensured staff members had read those documents, tested them to ensure understanding and then saved their results in a spreadsheet that we could show auditors.
We’ll be releasing a follow-up blog post on how bots and automation helped with compliance, but here’s a sneak peek of the autonomous superhero that helped us with all things compliance and security. After all, information security doesn’t have to be dull, especially when you’ve got Captain Compliance to call on.
What does this mean for you?
Earning ISO 27001 certification demonstrates our commitment to keep information assets secure and means you can be confident that any data and information given to us is safe and we have procedures in place to ensure it stays that way. This certification also demonstrates that our Information Security Program complies with international best practices and reinforces our focus on maintaining industry-leading security programs and practices.
On top of this, with The Bot Platform having completed a Workplace app review and security review and passed a Facebook-approved penetration test, we are now one of the first Workplace partners to be an approved third-party app with medium permissions status, available for any customer to easily install onto their own Workplace instances.
If you’d like to see our delightful new ISO 27001:2013 certificate you can check that out here.