DevSkiller has always had a major commitment to security. Our system was built by software professionals who understood that security is not simply a skin that you put over a system. Instead, it’s a state of mind, a way of designing systems that needs to be implemented from the ground up. With our new ISO 27001 certification, our 御客様 can now easily verify what we’ve been doing since the beginning, providing a secure system for their data.
So what does that mean? Basically, it is an agreed-upon process for maintaining the highest standards of security in an organization. To do this ISO 27001 mandates a six-step process and audits whether it is being followed:
- Define a security policy.
- Define the scope of the ISMS.
- Conduct a risk assessment.
- Manage identified risks.
- Select control objectives and controls to be implemented.
- Prepare a statement of applicability.
We already used a very similar process in line at DevSkiller so it was not difficult to receive the certification. But now that we have the certification, our customers will see a couple of major benefits.
In order to receive ISO 27001, DevSkiller had to be certified by an external auditor. This was a rigorous process that required us to produce documentation according to the exact wording of the ISO 27001 specifications. Already, this is making procurement easier for our customers.
Institutions in highly regulated spaces like banking and business services often already have extensive questionnaires and audits for their vendors. These compliance requirements mirror ISO 27001 very closely. Now instead of having to go through a manual audit of DevSkiller’s documentation and practices, our customers can easily access our ISO documentation, speeding up their ability to add DevSkiller to their tech recruitment process.
At DevSkiller, all our deployment process as well as our infrastructure provisioning, and maintenance is fully automated. This makes it error-proof as there is no forgetful or malicious human to add a vulnerability at any point in the process. This also means that processes are hermetically sealed so that no unwanted outside influences can get in through a manual step in the process.
Prior to the ISO 27001 auditing process, all of our processes were described in the source code. This spread up the auditing process as it is a cleaner way of documenting technical processes. It made it easier for ISO to certify that any issues that arise will be instantly identifiable, leading to a more secure resolution.
More importantly, this ensures business continuity regardless of what unexpected events happened. In any sort of disaster, all customer data will be safe. We also spread our data across multiple public clouds, creating data redundancies. This means that our customers will never have to worry about whether their data has been lost, it will all just be there.
As part of the ISO 27001 process, we now have a full set of documentation describing our exact security processes. Curious? You can take a look at our personal data policy. The security of our customer’s data and their ability to weather catastrophe is paramount to us and we strive to be as transparent about our plans as possible. You can find our certificate below.