
Amoeboids is now ISO 27001:2022 certified

We continue to invest in the central pillars of privacy & security as our Atlassian apps for the Cloud gain more traction.

Picking up from where we left off a few months ago, Amoeboids is now ISO 27001:2022 certified.

This milestone follows our previous achievement of SOC 2 Type 2 certification.

Impact on Amoeboids

The biggest impact of this certification is on our customers & partners.

Achieving ISO 27001:2022 provides greater assurance to them that their data is handled with care & protected against potential threats.

Obtaining the ISO 27001:2022 certification significantly enhances our security posture.

ISO 27001:2022 – overview

An internationally recognized standard for information security management systems (ISMS), ISO 27001 is sought after by security-focused teams.

The 2022 refers to the year the standard was updated.

An accredited external auditor conducted a thorough audit of Amoeboids’ security practices, policies & procedures and came up with suggestions & improvement areas before finally certifying us with ISO 27001.

Our journey to ISO 27001:2022 certification

Because Amoeboids was SOC 2 certified recently, some of the controls were already in place (there is a fair amount of overlap between the SOC 2 & ISO controls).

These days a majority of these controls can be monitored/automated through tools from various providers. In our case, we used Sprinto – for SOC 2 as well as ISO 27001.

All the policy & procedure documents are now tracked in Sprinto, along with monitoring of mission-critical applications.

While we did have some of the required processes & policies in place, starting with templates reduced the upfront time investment. We continue to make edits to these policy & procedure documents on an ongoing basis & the system automatically tracks all the changes & their approvals.

Below are some key steps that we undertook during our certification process:

  • Risk assessment and management: It may sound a little too theoretical, but we started by conducting thorough risk assessments of our systems & processes. It helped us identify potential threats and blind spots. Once these were identified, we documented ways to mitigate or manage those risks.
  • Policy development and implementation: This is where the built-in templates & procedures in Sprinto gave us a head start. Writing these documents from scratch would have been tedious. Some of these policies were already a part of our execution, whereas the others were fresh additions.
  • Employee training and awareness: This was a challenging one. Overcoming the resistance to changing our workflows meant elaborate training programs. Well, having the training module included with the security service provider helped a lot. We only had to enforce the attendance & assessment. Once completed, the entire team was on board with the importance of the proposed changes.
  • Regular audits and continuous improvement: Once the automated controls were monitored for positive outcomes for a specified period of time, we were ready to involve a third-party auditor. After a rigorous testing period & incorporating some feedback, we were awarded the ISO 27001:2022 certificate.

What’s next?

We don’t intend to stop at this certification. Our ongoing commitment to keep our customer data secure is already taking us to the next step of this certification journey.

Another certification is on the horizon ☺

If you are curious about our security practices or have questions about our bug bounty program, please reach out to us. If you are interested in using our apps for the Atlassian products, you can request our SOC 2 & ISO 27001 certifications from our support portal.
