ISO/IEC 27001 is a security standard that formally specifies an Information Security Management System (ISMS). As a formal specification, it mandates requirements that define how to implement, monitor, maintain, and continually improve the ISMS. It also prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures.
The Absolute Platform is audited once a year for ISO/IEC 27001:2013 compliance by a third-party accredited certification body, providing independent validation that security controls are in place and operating effectively. The scope of the audit includes our Canadian Data Centre (CADC) and US Data Centre (USDC).
Our certificate is valid from April 27, 2020 to April 26, 2023. The certificate validates that Absolute has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security, and validates the following:
- We evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
- We design and implement a comprehensive suite of security controls and other forms of risk management to address customer and technology security risks.
- We have a continuous improvement process to ensure that security controls meet our needs on an ongoing basis.