BEEKEEPER'S ISO 27001:2013 CERTIFICATION
Beekeeper was built from the ground up to be a secure business communication app that transforms the way we engage and work. With ISO 27001:2013 certification, our information security management system is independently audited against an internationally recognized information security standard.
At Beekeeper, the trust of our users is never taken for granted. Trust is at the core of everything we do: it drives the innovation of our internal communication platform and inspires us to do better. Data security is everyone’s responsibility at Beekeeper.
How Beekeeper Ensures Customer Data Protection
- In accordance with data security and customer data protection best practices, Beekeeper only invests in certified data centers.
- As part of our continued commitment to meeting and exceeding data security standard practices, Beekeeper is ISO 27001:2013 certified. We took this step to certify our product and services organization against ISO 27001:2013 and to build a solid Information Security Management System.
- Central to ISO 27001:2013 is that we follow international best practice in every action and process that touches the privacy and security of our information systems, above all the protection of customer data.
From technology implementation to the end-user experience, voluntarily obtaining ISO 27001:2013 certification commits Beekeeper to an externally audited set of information security and data privacy processes around information management.
What is ISO 27001:2013 Certification?
ISO/IEC 27001:2013, published jointly by ISO (the International Organization for Standardization) and IEC, is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system, including the controls used to protect customer data. Importantly, ISO standards are the result of a consensus-driven process by experts from all over the world, pooling vast international experience and knowledge from all business sectors.
The information that falls under the risk management controls required by ISO 27001:2013 includes financial information, intellectual property, customer and employee details, and any other personal information entrusted to us.
Beekeeper’s Information Security Management System (ISMS)
Here are the primary functions of our Information Security Management System in accordance with ISO 27001:2013 standards:
- Identify information assets and assess the risks to them, and apply controls such as data encryption where the assessment requires it. Encryption of data at rest and in transit reduces the impact of unauthorized access.
- Ensure ongoing confidentiality, integrity, and availability of information.
- Address business continuity management with a set of controls that protect the availability of information in case of an incident and protect critical business processes from the effects of major disasters, ensuring timely resumption.
- Ongoing independent assessment and audits by an accredited certification body, together with oversight by our appointed Data Protection Officer (DPO), to ensure that our ISMS continues to meet ISO 27001:2013 requirements.
- A stringent and coherent access control framework, comprising supporting policies, processes, and the technical controls that enforce them.
ISO 27001:2013 FAQ
Q: What is the difference between ISO 27001:2013 certification and SOC reports? Are they interchangeable?
A: The simple answer is no, ISO 27001:2013 and SOC (System and Organization Controls) reports are not interchangeable. It's akin to comparing apples to oranges; both are fruits, but have different characteristics including color, taste, and shape.
Both involve an independent third-party audit of an organization's security controls, but they are different kinds of assurance. ISO 27001:2013 is an international standard: an accredited certification body audits the organization's information security management system and issues a certificate. SOC reports are attestation reports defined by the AICPA (the American accounting profession's standards body): an auditor issues an opinion on the controls the organization itself describes, and the SOC 2 report in particular is most common among North American service providers although it is accepted worldwide. Neither is legally required, but companies often voluntarily obtain them as part of their customer data protection and information privacy risk management.
Other key differentiators between ISO 27001:2013 and SOC:
- In our experience, meeting ISO 27001:2013 certification requirements is a more rigorous process than obtaining a SOC report.
- An ISO 27001:2013 certificate is valid for a three-year cycle, maintained through annual surveillance audits and a recertification audit at the end of the cycle, while a SOC report covers a specific system and a specific period (a point in time for a Type I report, or a review period of typically six to twelve months for a Type II report).
- ISO 27001:2013 establishes and continually improves a system of risk management and information security, while a SOC report is a way for a company to demonstrate that it has specific controls in place for data security and that those controls operated as described.
Q: Is ISO 27001:2013 certification country-specific or is it internationally accepted?
A: While ISO 27001:2013 certification is not required, it is internationally recognized.
Q: When it comes to information privacy, is there any difference between data privacy on mobile apps and web browsers?
A: ISO 27001:2013 control objectives are defined to protect data at rest and in transit, irrespective of the client used to access it. Accordingly, the Beekeeper mobile apps store data on the device only inside an encrypted container, the web client does not persist data in the browser, and all data is transferred over encrypted channels.
Q: What is a certified data center? Does Beekeeper use certified data centers for customer data protection?
A: A certified data center is a physical location where data is stored and protected from both human-inflicted incidents (such as a cyber attack or a physical breach) and natural ones (for example, extreme weather events). A certified data center implements risk management and information security controls and automated monitoring systems, and third-party audits are performed to confirm its security and compliance.
Yes, Beekeeper uses certified data centers as part of our ISMS as a measure of protection against the above-mentioned cyber or physical data breach scenarios.
Q: What layers of customer data protection are in place at the certified data centers that Beekeeper uses?
A: There are four primary layers of risk management for minimizing data exposure at the certified data centers Beekeeper relies on:
- Physical security. A secured perimeter around the certified data center building.
- Appropriate and secure building infrastructure. Proactive construction and preventative measures to withstand fire, power outages, and other potentially damaging conditions inside the data center.
- Cybersecurity. Multiple layers of restricted logical access to systems and data.
- Intentional environmental hazard mitigation. The selection and protection of the data center's physical location.
Q: What is ISMS and how does it apply to ISO 27001:2013?
A: ISMS stands for Information Security Management System. An ISMS must be part of, and integrated with, a company's customer data protection processes and overall management structure, and information security must be considered in the design of processes, information systems, and controls. ISO 27001:2013 provides the requirements against which a company develops, implements, maintains, and monitors its ISMS.
Q: Since Beekeeper has ISO 27001:2013 certification, does that mean Beekeeper customers do as well by association?
A: No, it does not. Beekeeper's ISO 27001:2013 certification covers the specific scope of our information security management system and the measures in place to protect customer data; it does not extend to our customers' own systems or processes. However, because Beekeeper acts as a data processor on the customer's behalf, both internal and external auditors of our customers recognize the customer's due diligence in having chosen an ISO 27001:2013 certified partner as a data processor.