
ISO 27001 Certification: Spot the Real Thing

In SaaS, ISO 27001 certification (International Organization for Standardization) is paramount. Here at Higher Logic, security measures are a component of our day-to-day tasks and span everything we do. Our ISO 27001 Certification is something we’re all proud to have achieved and diligently maintain.  

Back in 2019, Higher Logic was awarded ISO 27001 certification for its Information Security Management System (ISMS), and the company ensures that all employees understand the importance of retaining that certification.

At the time, Higher Logic CEO Kevin Boyce said, “This certification enables us to demonstrate to our current and future customers, that we take the protection of their data seriously,” and today that remains the case.

The Higher Logic ISO 27001 certification includes both management processes and controls for information security. We run a risk management process every year and ensure that customer and employee data is protected. 

_____ 

If you’re courting new SaaS contracts within your own organization, you want to know that your information is as important to the vendor as it is to you. So, given that some organizations claim to be ISO 27001 certified when they are not, how do you spot the real thing?

I sat down with the Security Information Operations Team at Higher Logic to understand how to spot a real ISO 27001 certification, and why Higher Logic is leading the pack in terms of data and information security.


Q. What does ISO certification require? Are there minimum requirements? 

A. “ISO certification is flexible and is dependent on the size and maturity of a company. It’s determined by a statement of applicability, and as an organization you choose the elements to implement. Not all organizations implement all elements – technically they’re ISO certified but, in reality, they’re not covering all their bases.”


Q. At Higher Logic, what level of ISO certification do we have?

A. “Higher Logic is at the top tier of ISO 27001. We implement the full specification and implement all clauses and controls, meaning that we do not pick and choose. We provide our ISO 27001 certificate upon request as proof.”


Q. What should people searching for ISO certified software be aware of? 

A. “They should ALWAYS ask to see the ISO 27001 certificate with the prospective vendor’s name on it. There are many companies out there that claim to be ISO 27001 certified but in fact they’re doing the bare minimum or nothing at all. Some will even try to pass off their hosting provider’s certification as their own. That’s a major red flag. It means that they don’t have qualified personnel or won’t invest in protecting your data.” 


Q. What do you mean by the bare minimum? 

A. “There are companies out there that ride on the coattails of ISO certified software and services used by their organization. Say a company uses a cloud solution that is truly ISO certified; some companies will say that, by proxy, they are too. They claim to be certified but in fact their customer and employee information is at huge risk. If the company is actually certified, they can supply you with a genuine certificate.”


Q. How does that compare with Higher Logic?

A. “At Higher Logic, we operate a world class information security and privacy program – we’ve invested heavily in that regard and can compete globally with any top tier SaaS provider out there.” 


Q. What are the risks of using a company that’s not ISO compliant? 

A. “There’s good evidence that the larger breaches you hear about in the news were breaches of companies not ISO 27001 certified or compliant in a meaningful way. The risk is much lower for companies like us.”


Q. What are the latest compliance initiatives Higher Logic is working on?

A. “Continuous improvement is inherent here. We constantly identify, prioritize, and remediate risks at Higher Logic. We’re constantly improving our global privacy as we sell across the world. We’ve added new privacy jurisdictions including Brazil recently.” 


Q. As the market opens across the globe, are we concentrating on any other privacy legislation?

A. “We’re GDPR compliant and have been since its implementation, but there are a lot more global customers whose privacy is important to us. We want to ensure they’re covered and that we’re actively protecting their information and privacy.”

________

There you have it. ISO certification is a massively important part of the software you choose to use. If you’re opening up your company and customer information to new software or a new service, you need to be sure that it’s fully protected.

If you’d like to see a copy of the Higher Logic ISO certification, don’t hesitate to reach out to our CSMs.

Nuala Cronin

Nuala is the Content Marketing Manager at Vanilla by Higher Logic. Nuala loves creating content, analyzing copy, and all things language.