Valiantys has been an Atlassian partner since 2006, working with companies worldwide to help them use and exploit Atlassian tools. In this context, we manage the Jira and Confluence instances (and all the products of the Atlassian suite) of our customers and the administration of these instances via our Cloud Hosting and User/Administrator Support activities. We thus manage our customers’ data and are responsible for their security and availability. We do this with high security requirements to live up to the trust of our customers. Our recent ISO-9001:2015 and 27001:2013 certifications allow us to attest to these commitments and to go even further to continuously improve our services. Discover in this article why it is important to choose an ISO certified partner to manage your Atlassian instances.
What are ISO-27001:2013 and 9001:2015?
ISO-27001 is a security standard that outlines the suggested requirements for building, monitoring, and improving an information security management system (ISMS). An ISMS is a set of policies for protecting and managing an enterprise’s sensitive information, e.g., financial data, intellectual property, customer details, and employee records. An ISMS is built on a holistic, tailored approach to protecting and managing an enterprise’s sensitive information.
As a risk-driven standard, ISO-27001 focuses on helping organizations build a culture of security, reducing the likelihood of security incidents, and supporting the ability to meet additional compliance requirements.
ISO-9001 is a Quality Management System (QMS) standard that evaluates whether the Quality Management System is appropriate and effective, while forcing the company to identify and implement improvements.
Continuous improvement assures customers that they receive products and services that meet their requirements, and that the certified company delivers consistent performance.
What does it take to get certified?
While there are many benefits, the process of achieving both ISO-9001 and 27001 certification is intensive. After implementing the standard’s requirements, organizations seeking certification must undergo multiple audits by an accredited body. During the initial audit, the auditor ensures that the applicant’s ISMS and the QMS have been developed in accordance with the standard. The applicant is expected to present evidence of all key aspects of the ISMS and the QMS. If the organization passes the initial stage, the auditor will conduct a more detailed examination, including analyzing the organization’s policies and procedures, and conduct an on-site investigation to assess how the system is actually working in practice. This includes staff interviews and deep document reviews.
To maintain certification, companies must go through an annual external review and 3-year re-certification process during which they must demonstrate continual improvement in the ISMS and the QMS. When a new revision of the standard is published by ISO, certified providers must transition to the new version to retain compliance. The rigorous nature of ISO-27001 certification validates their ongoing commitment to maintaining confidentiality, integrity, availability and privacy of customer data.
Reasons to choose an ISO-9001 and 27001 certified partner
1 – An ISO-27001 partner proves that the company believes in and works according to an information security guideline. The awareness of the employees regarding information security should be noticeably higher compared to other hosting providers. Standards, such as for testing software or components, backing up systems, and firewall structures, to name a few, should be in place and in action.
2 – With a certified ISO-27001 partner, your data is safe. Any company certified according to ISO-27001 has to undergo audits and prove that an Information Security Management System is in place.
3 – By choosing an ISO-27001 hosting partner, you also show interested parties, like the government, that you comply with regulations. You demonstrate that you take your responsibilities seriously and work according to best practices yourself. This is also useful for existing and prospective clients.
4 – The ISO-27001 standard actually provides a guideline on how to handle incidents. Continuous improvement will lead towards growing awareness and preventing incidents. Not all risks can be predicted and prevented. But, according to ISO-27001, we assess all the incidents and take precautions against any related or similar incidents. An important part of any ISO-27001 certification is continual improvement.
5 – Any ISO-27001 partner should deliver outstanding security measures. Downtime – as one bonus – should be minimal. As a result, an ISO-27001 certification goes beyond any service level agreement. In general, working with an ISO-27001 company should save your company money – at least in the long run. Less downtime and less hassle let your company work more efficiently, too.
6 – With enhanced systems and processes come improved products and service offerings for customers. With ISO-9001, new products and services can be added to an organization’s portfolio seamlessly.
7 – With an ISO-9001 partner, the main focus is on customer satisfaction. Customers will therefore notice faster processes, higher quality products and services, and superior customer service as a result of ISO-9001.
A better service for clients
For our 300+ Hosting and Support clients, both certifications prove that they can be confident that when we handle their data, it is done in accordance with the highest security standards, hence minimising the risk of any incident (leak, breach, downtime). They also show that we will always be striving to improve, in accordance with existing standards like ISO, and to deliver a consistent, audited quality of service.
Averil Franklin Stewart, ISO Compliance Manager at System C Healthcare and a Valiantys client for many years, described our certification: “This is fantastic news! The fact that Valiantys is now ISO-27001 certified is a real benefit from my perspective, as they are a key supplier who is hosting systems with patient data.”
As you can see, there are many advantages to using an ISO-9001 and 27001 certified partner. If you had to choose only two, they would be the security of your data and your compliance with regulatory requirements.
Who we are
Valiantys is the leading global consulting and services firm dedicated to Atlassian. We accelerate business transformation by digitizing processes and modernizing teamwork, using the best Agile methods and tools. Our Atlassian technical expertise is unparalleled and we support our customers across the entire spectrum of their projects on those platforms. Because teamwork requires more than just tools, we help them bridge the gap between their applications and strategic practices such as SAFe and ITIL. Over the last 15 years, we have helped in excess of 5,000 customers to achieve their desired business outcomes at a reduced time to value, through improved team collaboration. If you have a project, contact us to help you out now.