I’m pleased to announce that AlienVault’s USM Anywhere Information Security Management System (ISMS) is certified to ISO 27001:2013 by an accredited certification body. This certification underscores our commitment to providing effective threat detection and rapid incident response capabilities in a secure cloud environment.
Our certification process was led by Coalfire ISO, Inc., an ISO/IEC 27001 Certification Body accredited by the ANSI-ASQ National Accreditation Board (ANAB). The scope of this certification includes the following: the development and implementation of a rigorous security program, which includes the development and implementation of an ISMS for the AlienVault Unified Security Management® (USM) product offering, which includes USM Anywhere™ and USM Central™.
About ISO/IEC 27001:2013
The ISO/IEC 27001 family of standards define a global standard for information security management. These standards outline the best practices and security controls required for a strong information security program, one that protects sensitive company information. The standards are comprehensive, spanning the people, processes, and IT systems involved in an organization’s security program.
The sensitive information covered in ISO 27001 includes any data entrusted by third parties. For a SaaS security provider like AlienVault, this means that, in order for USM Anywhere to be compliant with ISO 27001:2013, we had to demonstrate how we secure, transmit, and store data on behalf of our customers. Having this certification gives our customers extra assurance that we are securely handling their sensitive security-related data.
Like our compliance certifications for PCI DSS, SOC 2 Type 2, and an attestation of HIPAA compliance, our successful completion of a third-party audit and compliance certification for ISO 27001:2013 tells our customers that we are doing exactly what we say we are doing—that we maintain robust security controls to continually support and protect your data as well as our own.
We’ve Been Drinking Our Own Champagne Again
Last year, when AlienVault achieved compliance certifications and attestations for PCI DSS, SOC 2, and HIPAA, I described how we used the AlienVault USM Anywhere service in house to demonstrate our compliance. We did the same for our ISO 27001:2013 certification. While it’s not mandated that a security solution provider use its own product for its internal security and compliance programs, I do think it is important that you “drink your own champagne,” (or, as I noted in the previous blog, “eat your own dog food.”)
With the USM Anywhere service offering, our compliance officer was able to readily walk auditors through many of the key security controls outlined in ISO 27001:2013. Because the platform has many out-of-the-box compliance features, including pre-built reports and custom data views, it makes it simple and fast to navigate an audit process.
For customers on their own compliance path for ISO 27001:2013 certification, AlienVault USM can help to cut through the complexity and uncertainty of the audit.
How ISO 27001:2013 Sets the Stage for the GDPR
At AlienVault, we haven’t been shy about the fast-approaching deadline (May 25, 2018) for the EU General Data Protection Regulation (GDPR). You can watch a recent webcast I gave on the GDPR here.
While there is no official compliance certification program for the GDPR, organizations need a way to assess their GDPR readiness. Having an established ISMS has been identified as a great starting point for organizations to provide evidence of their compliance with the GDPR. In short, by following ISO 27001:2013 process, organizations (AlienVault included) can set the stage for creating a GDPR-compliant environment.