DevSkiller has always had a strong commitment to security. Our system was built by software professionals who understood that security is not simply a skin you put over a system. Instead, it is a state of mind, a way of designing systems that needs to be implemented from the ground up. With our new ISO 27001 certification, our customers can now easily verify what we have been doing from the start: providing a secure system for their data.
What is ISO 27001
ISO 27001 is an internationally recognized, standardized specification for an information security management system (ISMS). It was created to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system".
So what does that mean? Basically, it is an agreed-upon process for maintaining the highest standards of security in an organization. To do this, ISO 27001 mandates a six-step process and audits whether it is being followed:
- Define a security policy.
- Define the scope of the ISMS.
- Conduct a risk assessment.
- Manage identified risks.
- Select control objectives and controls to be implemented.
- Prepare a statement of applicability.
We already used a very similar process at DevSkiller, so it was not difficult to receive the certification. But now that we have the certification, our customers will see a couple of major benefits.
It will be easier to buy DevSkiller
In order to receive ISO 27001, DevSkiller had to be certified by an external auditor. This was a rigorous process that required us to produce documentation according to the exact wording of the ISO 27001 specifications. Already, this is making procurement easier for our customers.
Institutions in highly regulated spaces like banking and business services often already have extensive questionnaires and audits for their vendors. These compliance requirements mirror ISO 27001 very closely. Now instead of having to go through a manual audit of DevSkiller’s documentation and practices, our customers can easily access our ISO documentation, speeding up their ability to add DevSkiller to their tech recruitment process.
Customers can be sure that their data is secure
At DevSkiller, our entire deployment process, as well as our infrastructure provisioning and maintenance, is fully automated. This makes it error-proof, as there is no forgetful or malicious human to add a vulnerability at any point in the process. This also means that processes are hermetically sealed so that no unwanted outside influences can get in through a manual step in the process.
Prior to the ISO 27001 auditing process, all of our processes were described in the source code. This sped up the auditing process, as it is a cleaner way of documenting technical processes. It made it easier for ISO to certify that any issues that arise will be instantly identifiable, leading to a more secure resolution.
More importantly, this ensures business continuity regardless of what unexpected events happen. In any sort of disaster, all customer data will be safe. We also spread our data across multiple public clouds, creating data redundancies. This means that our customers will never have to worry about whether their data has been lost; it will all just be there.
You can see our documents
As part of the ISO 27001 process, we now have a full set of documentation describing our exact security processes. Curious? You can take a look at our personal data policy. The security of our customers’ data and their ability to weather catastrophe is paramount to us, and we strive to be as transparent about our plans as possible. You can find our certificate below.