Dave Brown, Head of Security and Devops, Datactics
At Datactics, maintaining the highest information security standards has always been at the core of our operations. This unwavering commitment has recently been formally recognised with our achievement of the ISO 27001:2022 Certification for our Information Security Management System (ISMS).
It is a major milestone in achieving ISO27001 and a powerful validation of our continuous efforts to protect client data and ensure the integrity, confidentiality, and availability of our information assets. In this blog, I’ll share our journey of achieving ISO 27001:2022.
The journey toward ISO 27001:2022 Certification
Our path to ISO certification began in Q4 2023, with invaluable support from industry experts at Vertical Structure.
The process started with a thorough evaluation of our existing security posture, carefully measuring it against the rigorous requirements set by ISO 27001. This stage involved a deep dive into our policies, procedures, and infrastructure to identify potential vulnerabilities and areas for improvement.
Following the evaluation, the DevOps team implemented targeted improvements over several months to strengthen our security framework. These efforts came to a head in January 2024 with a successful Stage 1 audit conducted by NQA. This initial audit was instrumental, providing us with crucial feedback and pinpointing specific areas for improvement.
The rigorous Stage 2 audit
By June 2024, we prepared for the critical Stage 2 audit and welcomed NQA back to the Datactics headquarters for an intensive review
This audit was exhaustive. For five days, the auditors scrutinized every facet of our ISMS. The audit team delved into our operations, from software development processes to client support systems and internal IT protocols. The auditors even spot-tested Datactics staff on their knowledge and understanding of Information Security Management within the company. This thorough examination ensured that no stone was left unturned.
Thanks to the hard work of our entire team, we successfully passed the audit! Datactics earned the ISO 27001:2022 certification, reinforcing our compliance with global information security standards and demonstrating our proactive approach to maintaining a secure operational environment.
Beyond certification: A commitment to excellence
For Datactics, the ISO 27001 certification is more than just a formal recognition; it embodies our ongoing commitment to excellence in information security and sets the stage for future advancements.
Achieving ISO 27001 is a significant milestone for Datactics and is the result of hard work and dedication from the entire team as we aim to grow and improve our security posture, proving the team’s dedication to providing secure and reliable policies and procedures that protect ourselves and our clients.
This milestone is more than just an endpoint; it marks the beginning of an ongoing journey. As we continue to innovate and expand our platform, maintaining a robust information security practice will remain a top priority. Backed strongly by our senior management team, we are ready to build on this foundation, creating a more secure, process-driven, and impactful data quality platform that will positively influence the industry.
As we continue our journey, the ISO 27001:2022 Certification for Information Security Management System reinforces our dedication to building a more secure, process-driven, and impactful data quality platform that will positively influence the industry. As a team, we are excited to see what comes next.
About ISO 27001:2022
The ISO 27001 certification is recognised as the global benchmark for managing information security. Datactics accreditation has been issued by NQA, a leading global independently accredited certification body that provides assessments (audits) of organisations to various management system standards since 1988. The process was supported by Vertical Structure, who conduct technical security training, helping companies to achieve certification to international standards such as ISO27001.
