IPXO Obtains ISO 27001 Certification for Full Compliance With the Best Information Security Practices

I am delighted to announce that IPXO, the Internet Protocol Exchange Organization, has received the ISO 27001 certificate. It verifies that we comply with the internationally recognized information security standard.

It took us eight months to achieve full compliance and to demonstrate to our clients and partners that we protect their data. Although the certificate is not mandatory for tech companies, we wanted to officially commit to information security. 

We started the certification process at the beginning of February 2022. Just as soon as we began organizing our Information Security Management System (ISMS) for rigorous auditing. Then, two certification audit stages followed. The first took place on August 1 and the second on August 10.  

So, what is the ISO 27001 standard and how did we receive the certificate? Continue reading to learn all about this. 

What is ISO 27001?

The ISO 27001 standard is a comprehensive specification for information security developed by the International Organization for Standardization (ISO). This specification addresses three dimensions that are the cornerstones of any business security infrastructure: confidentiality, integrity and availability. The three principles are also known by the acronym CIA: 

• Confidentiality indicates that only authorized individuals can access the information 
• Integrity ensures that data is complete, accurate and reliable 
• Availability guarantees that only authorized users can access the information when they need it 

ISO 27001 defines a framework for fulfilling these principles – the Information Security Management System. The ISMS is a set of policies, procedures and systems that help manage and control information security risks, like cyberattacks and data leaks. An efficient and effective ISMS helps businesses and organizations ensure the all-around protection of sensitive data. 

Moreover, implementing ISMS controls can unlock significant benefits for any company. For example, the ISMS can help spot system vulnerabilities and threats on time as well as save on troubleshooting expenses. Moreover, applying preventive controls can help increase any company’s resilience against cyberattacks. 

However, the implementation and preparation of the ISMS prior to the certification process might take some time. That depends on the size of the company and the information it must secure. Also, once the company receives a certificate, it needs to execute regular audits to guarantee ongoing compliance.  

Ultimately, by implementing the ISMS, the company demonstrates to its customers, shareholders and investors that it is committed to ensuring data security. Additionally, the ISO 27001 ISMS shows that the company is constantly adapting to evolving security threats against information security and takes appropriate measures to keep sensitive data safe. 

What IPXO did to achieve ISO 27001 certification

First, we defined our ISMS scope, which is a critical component of the ISMS that shows what organization’s systems, processes, physical locations and services should be protected. The scope allows a certification auditor to evaluate if the ISMS works efficiently within the defined area. 

At IPXO, IP address management is the cornerstone of our operations. Therefore, it was crucial to define what processes and information assets we protect. Essentially, the scope of our ISMS is the development, operation, maintenance and administration of an IP management platform as a service. The scope shows that we cover all information assets and processes related to our platform to ensure comprehensive protection of our clients’ data against cyberattacks. 

Then, we needed to carefully document all information management and risk assessment processes to prepare for certification audits. The preparation of documentation involved a lot of effort and cooperation from several IPXO teams: 

• Human Resources and Administration 
• Platform and Development 
• Purchase and Information Security (InfoSec) 
• Procurement and Change Department 

The representatives of our teams provided relevant documentation to the auditors during the certification stages. During the two phases of the certification process, we demonstrated our theoretical and practical compliance with the ISO 27001 standard. 

Ensuring compliance in practice and taking the next steps

Most importantly, during the certification audit, we proved that we apply all documentation in practice. The certification auditors were provided with the following evidence:

• Azure platform and Azure Active directory settings, antivirus policies, development environments and other crucial elements
• Monitoring logs, business continuity and disaster recovery plans
• Proper configuration of our hardware to protect all information

During the certification audit stages, auditors ensured that all our ISMS policies and procedures were clearly defined and applied according to ISO 27001 requirements. They also offered insights into how we can improve our ISMS further. Finally, the auditors provided us with a detailed audit results report together with our certificate. The report included areas for improvement that we must address before the next maintenance audit next year. 

Ultimately, IPXO applied all 114 controls defined in the standard, which shows 100% ISO 27001 compliance. Of course, we still need to carry out regular internal audits during the three-year certification period to maintain compliance with the ISO 27001 standard and the effectiveness of our ISMS. Also, we will need to prepare for three external annual audits. Eventually, the recertification audit will follow the certificate expiration.  

ISO 27001 compliance – continuous effort that pays off

Becoming ISO27001-certified is a huge task for any company that takes information security seriously. It is also a great achievement! While the process involves a lot of thorough planning and strict auditing, it shows our clients that we protect the confidentiality, integrity and availability of their data. 

After careful ISMS planning, development and auditing, I can safely say that we, at IPXO, can make sure the information of our current and future clients is safe against cyberattacks and other threats. Also, timely assessments of cyber risks and security system updates can help us reduce the costs that might arise from unforeseen data breaches. 

Ultimately, by implementing an effective ISMS, we have strengthened our reputation and can guarantee that we have all the necessary security tools in place. That’s not the end: We will continue consistently monitoring and updating our infrastructure and its performance to ensure full compliance with legal and regulatory requirements. 

The entire IPXO team is proud to achieve ISO 27001 certification and reinforce our dedication to ensuring the highest level of information security. Thank you for the efforts of all teams involved that made this possible!

To learn more about the IPXO platform and its many benefits, book a free demo today.