ISO 27001 Certification

The following information will help you understand in greater detail why ISO 27001 certification is important and how it helps to demonstrate Bruntech’s commitment to providing a secure infrastructure for your business-critical applications and data.

What is ISO 27001 certification?

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. Certification in the standard requires our partner to:

• Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
• Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
• Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis

The key to ongoing certification under this standard is the effective management of a rigorous security program. The Information Security Management System (ISMS) required under this standard defines how we perpetually manage security in a holistic, comprehensive way. Certification means that an accredited, independent third-party auditor has assessed our processes and controls and confirmed that they operate in alignment with the ISO 27001 standard.

What does this mean to you as a customer?

Compliance with this internationally-recognized standard, validated by an independent third-party audit, confirms that our partner’s security management program is comprehensive and follows leading practices. This certification provides more clarity and assurance for customers evaluating the breadth and strength of our security practices.

How will this impact my server instances and data?

Your services will not be impacted. We continue to strive to provide the highest levels of security. The certification is a security credential for your reference.

In general, what is PCI-DSS certification?

The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard defined by the Payment Card Industry Security Standards Council. PCI certification is required for organizations (merchants and service providers) that process credit card payments. The certification is designed to prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.

PCI-DSS is a standard that specifies best practices and various security controls. Certification in the standard requires organizations to:

• Build and maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong security measures
• Regularly test and monitor networks
• Maintain an information security policy

All organizations processing credit card information, regardless of their deployment model, are required to be certified. For larger merchants (Merchant Level 1 is the largest type), validation by an independent and approved reviewer is required. A PCI Qualified Security Assessor (QSA) is authorized to perform an independent assessment and certify a vendor.

All server side products we offer are hosted on an approved and certified platform with our hosting partner.