ISO 27001 Certification: What it is and why it matters

Did you know that Rapid7's information security management system (ISMS) is ISO 27001 certified? This certification validates that our security strategy and processes meet very high standards. It underscores our commitment to corporate and customer data security.

What is ISO 27001?

ISO 27001 is an internationally recognized standard for information security management published by the International Standards Organization (ISO). It details requirements for establishing, implementing, maintaining and continually improving an ISMS.

ISO 27001 is focused on risk management and taking a holistic approach to security. Unlike some standards and frameworks, ISO 27001 does not require the implementation of specific technical controls. Instead, it provides a framework and checklist of controls that can be used to develop and maintain a comprehensive ISMS.

It is one of more than ten published standards in the ISO 27000 family. It is the only standard among them that an organization can be certified against.

To become ISO 27001 certified, an organization must:

Systematically examine its information security risks, taking account of the threats, vulnerabilities, and impacts.

Design and implement a coherent and comprehensive suite of information security controls and risk avoidance measures.

Adopt an overarching management process that ensures the information security controls continue to meet the organization's information security needs over time.

Then, the ISMS must be audited by a third party. This is a rigorous process, which determines whether the organization has implemented applicable best practices as defined in the standard. Certified organizations must undergo annual audits to maintain compliance. Rapid7’s ISMS was audited by Schellman.

Why does ISO 27001 certification matter?

Rapid7 is committed to helping our customers reduce risk to their organizations. ISO 27001 certification is one way that we demonstrate that commitment. It ..
