A ISO 27001 na DevSkiller irá acelerar o seu processo de aquisição

Por Setembro 4, 2019 #!30Qui, 16 Abr 2020 13:44:52 +0200p5230#30Qui, 16 Abr 2020 13:44:52 +0200p-1Europe/Warsaw3030Europe/Warsawx30 16pm30pm-30Qui, 16 Abr 2020 13:44:52 +0200p1Europe/Warsaw3030Europe/Warsawx302020Qui, 16 Abr 2020 13:44:52 +0200441444pmQuinta-feira=8#!30Qui, 16 Abr 2020 13:44:52 +0200pEurope/Warsaw4#Abril 16th, 2020#!30Qui, 16 Abr 2020 13:44:52 +0200p5230#/30Qui, 16 Abr 2020 13:44:52 +0200p-1Europe/Warsaw3030Europe/Warsawx30#!30Qui, 16 Abr 2020 13:44:52 +0200pEurope/Warsaw4# Changelog
A ISO 27001 na DevSkiller irá acelerar o seu processo de aquisição

DevSkiller has always had a major commitment to security. Our system was built by software professionals who understood that security is not simply a skin that you put over a system. Instead, it’s a state of mind, a way of designing systems that needs to be implemented from the ground up. With our new ISO 27001 certification, our clientes can now easily verify what we’ve been doing since the beginning, providing a secure system for their data.

O que é a ISO 27001

A ISO 27001 é uma especificação internacionalmente reconhecida e padronizada para um information security gerência system. Foi criado para "fornecer um modelo para estabelecer, implementar, operar, monitorar, revisar, manter e melhorar um sistema de gestão de segurança da informação".

So what does that mean? Basically, it is an agreed-upon process for maintaining the highest standards of security in an organization. To do this ISO 27001 mandates a six-step process and audits whether it is being followed:

  1. Define a security policy.
  2. Define the scope of the ISMS.
  3. Conduct a risk assessment.
  4. Manage identified risks.
  5. Select control objectives and controls to be implemented.
  6. Prepare a statement of applicability.

We already used a very similar process in line at DevSkiller so it was not difficult to receive the certification. But now that we have the certification, our customers will see a couple of major benefits.

Será mais fácil de comprar o DevSkiller

ISO 27001 will make it easier to purchase devskillerImage Credit: Artem Beliaikin em Desplash

In order to receive ISO 27001, DevSkiller had to be certified by an external auditor. This was a rigorous process that required us to produce documentation according to the exact wording of the ISO 27001 specifications. Already, this is making procurement easier for our customers.

Institutions in highly regulated spaces like banking and business services often already have extensive questionnaires and audits for their vendors. These compliance requirements mirror ISO 27001 very closely. Now instead of having to go through a manual audit of DevSkiller’s documentation and practices, our customers can easily access our ISO documentation, speeding up their ability to add DevSkiller to their recrutamento de tecnologia process.

Os clientes podem ter a certeza de que os seus dados estão seguros

At DevSkiller, all our deployment process as well as our infrastructure provisioning, and maintenance is fully automated. This makes it error-proof as there is no forgetful or malicious human to add a vulnerability at any point in the process. This also means that processes are hermetically sealed so that no unwanted outside influences can get in through a manual step in the process.

Prior to the ISO 27001 auditing process, all of our processes were described in the source code. This spread up the auditing process as it is a cleaner way of documenting technical processes. It made it easier for ISO to certify that any issues that arise will be instantly identifiable, leading to a more secure resolution.

More importantly, this ensures business continuity regardless of what unexpected events happened. In any sort of disaster, all customer data will be safe. We also spread our data across multiple public clouds, creating data redundancies. This means that our customers will never have to worry about whether their data has been lost, it will all just be there.

Você pode ver os nossos documentos

As part of the ISO 27001 process, we now have a full set of documentation describing our exact security processes. Curious? You can take a look at our personal data policy. The security of our customer’s data and their ability to weather catastrophe is paramount to us and we strive to be as transparent about our plans as possible. You can find our certificate below.
ISO 27001 certificate for DevSkiller