From the onset, Taktikal’s outlook has been that in order to be in the trust service industry, we have to be trustworthy. With that in mind, information security has always played a big part here at Taktikal and our products are designed with a security- and privacy-first mentality.
In the beginning of 2022, Taktikal received funding from the venture capital fund Brunnur, to help us expand to international markets. With this funding, the Taktikal team was able to grow to double its previous size and hire a Security and Quality Assurance Manager to help us formalize our Information Security Management System (ISMS). One of our top goals for 2022 was to get our ISMS certified to the ISO 27001 information security standard to help show our customers that we are highly dedicated to ensuring the security of their data.
An ISO certified ISMS confirms that Taktikal has a system in place to manage information security, including a risk management program, security training for employees and a compliance program, to ensure that Taktikal abides by all applicable rules and regulations. For Taktikal this includes international regulations such as the General Data Protection Regulation (GDPR) and the Regulation on electronic identification and trust services (eIDAS).
While for some people, implementing processes sounds about as exciting as watching paint dry, we were happy to be able to think out of the box when it came to security awareness training. We started out by using some ready-to-use awareness training which each employee could go through on their own computer and listed the various security pitfalls, but found that employees were not retaining the information. So we invented our very own security awareness card game (you can find it along with a free downloadable PDF of the game in our blog post ‘How do we make security awareness fun?’) and had a fun afternoon of awareness training (and drinks 😉).
Designing and implementing an information security management system that is maintained and continually improved is not a one person job. The entire Taktikal team came together to reach this milestone along with consultants (thank you SecureIT and Peritus 🙌 ) and our trusted auditors at BSI in Iceland.
It is therefore our great pleasure to announce that the British Standard Institution (BSI) has certified that we operate an ISMS which complies with the requirements of ISO 27001:2013.
As anyone knows who has been involved in such a process, we are nowhere near done and will continue to improve security and ensure privacy in all that we do.
What ISO means and why it matters
It stands for International Organization for Standardization. And it is exactly that - an independent, non-governmental organization established in 1946 that provides strict requirements for trade in the international market for products, systems, and services.
ISO sets standards for quality and security that are recognized and used in over 167 countries around the world and has 24,531 different standards that cover a wide variety of topics in the tech and manufacturing industries. It truly is the global standard for…standards and is built on extensive research by experts into the relevant fields and industries.
Certification means that the products or services provided by a business meet these high level requirements. While ISO offers standards covering topics such as healthcare and environmental management, the most relevant to Taktikal (you guessed it, it’s the one we’re specifically certified in) is ISO 27001, the information security management standard.
First launched in 2005 and revised in 2013, this standard pertains to information security and “...specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks.” - ISO/IEC 27001.
A certification in ISO 27001 shows not only that a company has taken advanced measures to ensure protection of their data, but also that these measures help to protect customer data as well. It sets about regulating how data is managed by the ISMS (Information Security Management System) put in place by the company, and determines what potential risks exist and what can be done to combat any risks to confidentiality and security.
Why ISO 27001 is important for Taktikal
As we mentioned at the start, here at Taktikal, security, compliance, and digital trust are among our top priorities. This means security measures are implemented at every level of the business. Not only in the strength of the security of our software, but also in data handling, and employee conduct both within and outside of the office.
Our team has been thoroughly trained in how to ensure security precautions are in place for the handling of any data. Our commitment to helping other businesses build digital trust begins with our own implementation of such security measures within Taktikal.
The ISO 27001 certification asserts that we’ve fully achieved this goal and reinforces our continued work towards maintaining high levels of standards not just in security but in employee awareness training and transparency with our customers and the public.