DevskillerのISO 27001は、調達プロセスをスピードアップします。

9月 4, 2019
DevskillerのISO 27001は、調達プロセスをスピードアップします。

Devskillerは常にセキュリティに大きなこだわりを持っています。私たちのシステムは、セキュリティとは単にシステムを覆うだけのものではないということを理解したソフトウェアの専門家によって構築されました。それどころか、それは心の状態であり、システムを設計する方法であり、ゼロから実装する必要があります。新しいISO 27001の認証を取得したことで、お客様は、当社が最初から行ってきたことを簡単に確認することができるようになり、データに安全なシステムを提供することができるようになりました。


ISO 27001は、国際的に認知され、標準化された規格です。 情報セキュリティ管理システム.情報セキュリティマネジメントシステムの構築、実施、運用、監視、見直し、維持、改善のためのモデルを提供する」ことを目的として作成されました。

So what does that mean? Basically, it is an agreed-upon process for maintaining the highest standards of security in an organization. To do this ISO 27001 mandates a six-step process and audits whether it is being followed:

  1. Define a security policy.
  2. Define the scope of the ISMS.
  3. Conduct a risk assessment.
  4. Manage identified risks.
  5. Select control objectives and controls to be implemented.
  6. Prepare a statement of applicability.

We already used a very similar process in line at DevSkiller so it was not difficult to receive the certification. But now that we have the certification, our customers will see a couple of major benefits.


ISO 27001 will make it easier to purchase devskillerイメージクレジット Artem Beliaikin に於いて アンスプラッシュ

In order to receive ISO 27001, DevSkiller had to be certified by an external auditor. This was a rigorous process that required us to produce documentation according to the exact wording of the ISO 27001 specifications. Already, this is making procurement easier for our customers.

Institutions in highly regulated spaces like banking and business services often already have extensive questionnaires and audits for their vendors. These compliance requirements mirror ISO 27001 very closely. Now instead of having to go through a manual audit of DevSkiller’s documentation and practices, our customers can easily access our ISO documentation, speeding up their ability to add DevSkiller to their tech recruitment process.


At DevSkiller, all our deployment process as well as our infrastructure provisioning, and maintenance is fully automated. This makes it error-proof as there is no forgetful or malicious human to add a vulnerability at any point in the process. This also means that processes are hermetically sealed so that no unwanted outside influences can get in through a manual step in the process.

Prior to the ISO 27001 auditing process, all of our processes were described in the source code. This spread up the auditing process as it is a cleaner way of documenting technical processes. It made it easier for ISO to certify that any issues that arise will be instantly identifiable, leading to a more secure resolution.

More importantly, this ensures business continuity regardless of what unexpected events happened. In any sort of disaster, all customer data will be safe. We also spread our data across multiple public clouds, creating data redundancies. This means that our customers will never have to worry about whether their data has been lost, it will all just be there.


As part of the ISO 27001 process, we now have a full set of documentation describing our exact security processes. Curious? You can take a look at our personal data policy. The security of our customer’s data and their ability to weather catastrophe is paramount to us and we strive to be as transparent about our plans as possible. You can find our certificate below.
ISO 27001 certificate for DevSkiller