Why choose ISO 27001 certified hosting?
Timo, January 14, 2020
Looking for a new hosting provider? Then you will of course want your website hosted by a provider that stores and secures your data carefully. Choose a provider that has an ISO 27001 certificate. This certificate is only awarded to those that make data security a priority.
What is ISO?
Products and services that we use in our daily lives come from all over the world. When a company purchases a product or service that comes from abroad, it’s nice to be sure that it meets certain standards and criteria. ISO was created for this purpose: it is a global network of 164 organizations that sets standards for the quality, safety and efficiency of products and services. These standards are assessed with ISO certificates and range from the production and packaging of milk and cheese to the security of IT services and web hosting.
What does the ISO 27001 certificate stand for?
The ISO 27001 certificate is a quality mark for information security. For IT and hosting companies, this is a policy area that deserves extra attention. In order to obtain the certificate, a hosting company is tested on security points such as personal data collection, the infrastructure of servers, system and software development (and its maintenance), personnel policy (access control, theft, fraud, abuse, etc.) and more. A company is assessed again every year. A hosting provider must therefore make a constant effort to keep its information security in order if it wants to obtain the certificate.
What does an ISO 27001 certificate really say?
Even hosting providers with an ISO 27001 certificate can’t guarantee that data breaches will never occur. Nevertheless, the certificate does say something about the intentions of a hoster and how seriously they take information security. The certificate is obtained on a voluntary basis and requires a substantial investment. It is not a requirement for offering hosting services. Many hosting companies address information security as one of their key selling points. In that case, an ISO 27001 certificate shows that their information security system is set up well.
What does the ISO 27001 certificate mean for your company?
Many companies and agencies that use hosting services also have to deal with information security themselves. Perhaps you are reading this article because you are in the process of obtaining the ISO 27001 certificate for your employer or for your own company. How a hosting provider handles your data, and that of your customers, is something you have to justify in your own ISO audit. It makes a lot of difference whether your hosting provider is ISO 27001 certified or not. Without a certificate, it’s a lot harder to prove (even if you’re convinced of this yourself) that your hoster’s information security is in order. It will cost you additional time and attention to research this yourself.
If your supplier doesn’t have an ISO 27001 certificate, it is up to you to demonstrate that you have sufficiently investigated whether enough security measures have been taken by the supplier. For online stores and many other sites that process customer data, this is a relevant issue since the enhancement of the AVG, or GDPR. The law places great responsibility on website owners in terms of data processing. You’re obligated to make your own arrangements with your supplier about the processing of the data through a processing agreement. In addition to such an agreement, you should also invest time in researching the reliability of your supplier. And that research will be a lot easier if your hosting partner has an ISO 27001 certificate.
How does a hosting provider obtain its ISO certificate?
Every provider that wants to obtain its ISO 27001 certificate draws up a scope. The scope defines which business units and information types are part of the information security system. A hosting company determines its own strategy on how customer data is collected, processed and stored. That is why it is important to read the statement of applicability, which is given after the certificate has been issued. This states exactly what is included in the assessment. Ask the hosting provider for this document.
We take our own certificate as an example. The scope describes that our information security system is focused on domain registration, hosting solutions and cloud services to resellers and end users. This is a broad scope in which we have linked all the services we offer, or intend to offer, to our information security system. In our statement of applicability, we have described the measures we have taken.
Why are you at Savvii?
As a managed WordPress hosting provider, we want to be the best hosting platform for your WordPress website(s). This also means that we want to process data securely. Although we don’t need ISO 27001 certification for this, we still think it’s important to have it in our pocket. This way we know that we pass the strictest tests in our pursuit of data security, and we also ensure that we continuously improve. We have been assessed on 102 points and have included the entire company in our scope. Your data is secured with us!