We’re now ISO 27001 certified!

After several months of learning and preparation, OpenSanctions has passed its first independent audit to ensure our organisation’s adherence to the ISO 27001 standard for information security.

We want to make sure that our data product is backed by a mature and reliable organisation. This is essential to our customers, who rely on OpenSanctions for a key ingredient to their compliance process. We don’t just want to build great technology, but also to do so in a way that is suitable for use in any regulated environment.

One part of that is certification. ISO 27001 defines how organisations should approach the management of information security, and, in order to do so, the design and implementation of their IT systems more broadly.

That is why we’re defining practices and safeguards to make sure our data product is built and delivered in a way that guarantees the integrity and fidelity of the information published by government authorities as we process, combine and refine it.

That also means building an organisation that is mindful of its own processes, regularly reviews and refines them, and makes sure that we set up our team in such a way that we can sustainably deliver the product we’re keen to deliver. We went through a thorough process of threat-modelling and have produced a set of policies that are suitable for a remote organisation and are monitored using the Vanta platform in order to ensure that they continue to adapt and scale with our team and our work.

There really is no dignified way to illustrate cyber security (Photo: Blue Coat Photos)

After spending several months defining and implementing our internal Information Security Management System (ISMS), we underwent our first external ISO 27001 audit in late April and have now been notified that we are fully certified as compliant with the standard.

We want to thank Consilium Labs, the Vanta team, and our own amazing Security Consultant, Paul May, for their brilliant support in this process.

This article is part of OpenSanctions, the open database of sanctions targets and persons of interest.