IPXO Obtains ISO 27001 Certification for Full Compliance With the Best Information Security Practices

12 September 2022
Vaidotas Januška

IPXO is 100% ISO 27001 certified. Discover what this certification means and how we achieved it.

I am delighted to announce that IPXO, the Internet Protocol Exchange Organization, has received the ISO 27001 certificate. It verifies that we comply with the internationally recognized information security standard.

It took us eight months to achieve full compliance and to demonstrate to our clients and partners that we protect their data. Although the certificate is not mandatory for tech companies, we wanted to officially commit to information security. 

We started the certification process at the beginning of February 2022, just as soon as we began organizing our Information Security Management System (ISMS) for rigorous auditing. Then, two certification audit stages followed. The first took place on August 1 and the second on August 10.

So, what is the ISO 27001 standard and how did we receive the certificate? Continue reading to learn all about this. 

What is ISO 27001?

The ISO 27001 standard is a comprehensive specification for information security developed by the International Organization for Standardization (ISO). This specification addresses three dimensions that are the cornerstones of any business security infrastructure: confidentiality, integrity and availability. The three principles are also known by the acronym CIA.

  • Confidentiality indicates that only authorized individuals can access the information 
  • Integrity ensures that data is complete, accurate and reliable 
  • Availability guarantees that only authorized users can access the information when they need it 

ISO 27001 defines a framework for fulfilling these principles – the Information Security Management System. The ISMS is a set of policies, procedures and systems that help manage and control information security risks, like cyberattacks and data leaks. An efficient and effective ISMS helps businesses and organizations ensure the all-around protection of sensitive data.

Moreover, implementing ISMS controls can unlock significant benefits for any company. For example, the ISMS can help spot system vulnerabilities and threats in time as well as save on troubleshooting expenses. In addition, applying preventive controls can help increase any company’s resilience against cyberattacks.

However, the implementation and preparation of the ISMS prior to the certification process might take some time. That depends on the size of the company and the information it must secure. Also, once the company receives a certificate, it needs to execute regular audits to guarantee ongoing compliance.  

Ultimately, by implementing the ISMS, the company demonstrates to its customers, shareholders and investors that it is committed to ensuring data security. Additionally, the ISO 27001 ISMS shows that the company is constantly adapting to evolving threats against information security and takes appropriate measures to keep sensitive data safe.

What IPXO did to achieve ISO 27001 certification

First, we defined our ISMS scope, a critical component of the ISMS that shows which of the organization’s systems, processes, physical locations and services should be protected. The scope allows a certification auditor to evaluate whether the ISMS works efficiently within the defined area.

At IPXO, IP address management is the cornerstone of our operations. Therefore, it was crucial to define what processes and information assets we protect. Essentially, the scope of our ISMS is the development, operation, maintenance and administration of an IP management platform as a service. The scope shows that we cover all information assets and processes related to our platform to ensure comprehensive protection of our clients’ data against cyberattacks. 

Then, we needed to carefully document all information management and risk assessment processes to prepare for certification audits. The preparation of documentation involved a lot of effort and cooperation from several IPXO teams: 

  • Human Resources and Administration 
  • Platform and Development 
  • Purchase and Information Security (InfoSec) 
  • Procurement and Change Department 

The representatives of our teams provided relevant documentation to the auditors during the certification stages. During the two phases of the certification process, we demonstrated our theoretical and practical compliance with the ISO 27001 standard. 

Ensuring compliance in practice and taking the next steps

Most importantly, during the certification audit, we proved that we apply all documentation in practice. The certification auditors were provided with the following evidence:

  • Azure platform and Azure Active Directory settings, antivirus policies, development environments and other crucial elements
  • Monitoring logs, business continuity and disaster recovery plans
  • Proper configuration of our hardware to protect all information

During the certification audit stages, auditors ensured that all our ISMS policies and procedures were clearly defined and applied according to ISO 27001 requirements. They also offered insights into how we can improve our ISMS further. Finally, the auditors provided us with a detailed audit results report together with our certificate. The report included areas for improvement that we must address before the maintenance audit next year.

Ultimately, IPXO applied all 114 controls defined in the standard, which shows 100% ISO 27001 compliance. Of course, we still need to carry out regular internal audits during the three-year certification period to maintain compliance with the ISO 27001 standard and the effectiveness of our ISMS. Also, we will need to prepare for three external annual audits. Eventually, the recertification audit will follow the certificate expiration.  

ISO 27001 compliance – continuous effort that pays off

Becoming ISO 27001-certified is a huge task for any company that takes information security seriously. It is also a great achievement! While the process involves a lot of thorough planning and strict auditing, it shows our clients that we protect the confidentiality, integrity and availability of their data.

After careful ISMS planning, development and auditing, I can safely say that we, at IPXO, can make sure the information of our current and future clients is safe against cyberattacks and other threats. Also, timely assessments of cyber risks and security system updates can help us reduce the costs that might arise from unforeseen data breaches. 

Ultimately, by implementing an effective ISMS, we have strengthened our reputation and can guarantee that we have all the necessary security tools in place. That’s not the end: We will continue consistently monitoring and updating our infrastructure and its performance to ensure full compliance with legal and regulatory requirements. 

The entire IPXO team is proud to achieve ISO 27001 certification and reinforce our dedication to ensuring the highest level of information security. Thank you for the efforts of all teams involved that made this possible!

About the author

Vaidotas Januška

Chief Technology Officer

As a Chief Technology Officer at IPXO, Vaidotas is responsible for platform management and product development with engineering culture at heart. His greatest interests lie in cloud-native applications, technology trends, change management and organizational culture, coaching and mentoring. Vaidotas’ free time is occupied by sci-fi movies, nature and crafting things.