We want to make sure that our data product is backed by a mature and reliable organisation. This is essential to our customers, who rely on OpenSanctions for a key ingredient of their compliance process. We don’t just want to build great technology, but also to do so in a way that is suitable for use in any regulated environment.
One part of that is certification. ISO 27001 defines how organisations should approach the management of information security, and, in order to do so, the design and implementation of their IT systems more broadly.
That is why we’re defining practices and safeguards to make sure our data product is built and delivered in a way that guarantees the integrity and fidelity of the information published by government authorities as we process, combine and refine it.
That also means building an organisation that is mindful of its own processes, regularly reviews and refines them, and makes sure that we set up our team in such a way that we can sustainably deliver the product we’re keen to deliver. We went through a thorough process of threat-modelling and have produced a set of policies that are suitable for a remote organisation and are monitored using the Vanta platform to ensure that they continue to adapt and scale with our team and our work.
After spending several months defining and implementing our internal Information Security Management System (ISMS), we underwent our first external ISO 27001 audit in late April and have now been notified that we are fully certified as compliant with the standard.
We want to thank Consilium Labs, the Vanta team, and our own amazing Security Consultant, Paul May, for their brilliant support in this process.
- Visit our online Trust Center.