Y Soft is ISO 27001:2013 certified!

Following a 16-month effort involving the entire organization, Y Soft is proud to announce we have earned the gold standard for data security, ISO 27001:2013 certification.

What is ISO 27001:2013?

Securing data is one of the top concerns for businesses, and for the customers and partners that rely on them. With fines for data breaches averaging approximately $4.24 million, not to mention reputational damage, this should not be a surprise. Simply having a privacy policy is not enough to patch holes in data security; companies must ensure that their processes and procedures are robust and adapt to emerging threats. This is where ISO 27001:2013 certification comes in.

Established by the International Organization for Standardization and the International Electrotechnical Commission, ISO 27001:2013 is one of the most well-known and internationally recognized standards for establishing, developing, and maintaining an information security management system (ISMS) that protects data confidentiality, integrity, and availability. An ISMS is a framework of all policies and procedures involved in an organization’s information risk management processes. Using this framework helps organizations manage and protect information so that it remains safe and secure. The standard includes requirements for the assessment and treatment of information security risks specific to an organization, and it prescribes a top-down model for how organizations should manage and handle data security and protect assets.

The journey

We have security at our core, which is why we knew that achieving our ISO 27001:2013 certification had to be a strategic business priority, further demonstrating our commitment to the highest levels of compliance and security standards. We want our security practices to be the best and give our customers and partners peace of mind. Over the past sixteen months, the implementation of our ISMS has helped us to document controls already in place, identify and close gaps, establish KPIs that objectively monitor its performance, establish procedures for continuous evaluation, and make evidence-based recommendations for improvement.
 
As an innovative technology organization, we pride ourselves on listening to every one of our teams. With cross-functional support from every area of Y Soft, we drew on competencies involved in the development, production, sales, delivery, and support of our products and services, and we leveraged resources from R&D, customer support, project management, legal, marketing, IT, human resources, and so much more. Protecting information is of the utmost importance for every department. Working through each of the seven main ISO 27001:2013 clauses (4-10) and the controls of Annex A, we created a statement of applicability and other mandatory documents, including those for management review, formal details of our information security management system, and the processes and procedures. Because the certification requires an external audit by an accredited auditor, we have been independently and thoroughly assessed.

“Being ISO 27001:2013 certified demonstrates that we have the right people, processes, and technology in place to protect customer data. We take security seriously and this is proof of our compliance and commitment.” Noah Nadeau, Chief Information Security Officer, Y Soft.

The future

Security is something that is ingrained in our culture and runs through our organizational values. One of the major benefits of our certification is that we can guarantee that our information security is aligned with international standards. Our systems come with the peace of mind that data is protected with a robust information security management system.
 
While ISO 27001:2013 certification assures customers, partners, and other stakeholders that we meet their and our expectations to keep customers safe, this is not a one-and-done process. You can expect us to continually review and refine the way we do things. We rarely stand still at Y Soft and are always looking to the future. We are always evaluating what we can do to ensure continued delivery of data security in the face of emerging threats.

Y Soft renews its commitment

It’s been a long 16-month journey, and we have learned a lot. We are excited to have achieved this milestone by working closely with our implementation specialist partner. By following industry best practices, engaging in conversation with peers in the infosec community, and listening to the concerns of our partners and customers, we remain committed to protecting the data your company entrusts to us.
 
Y Soft has always been passionate about security, and now we can prove it. You can view and download our ISO certificate here.
 
Further information about our security practices can be found below:
Y Soft information security
Y Soft Cloud Services Security
Information Security & Compliance
Data Protection / GDPR
Print services security: why it matters
securing and protecting your business
Noah Nadeau
Noah Nadeau used to be the Chief Information Security Officer for Y Soft globally before Martin Di Martini.