When you work with AIMMS, you get upgraded to exceptional care. Customers are our focal point and fundamental to everything we do. That is why we are pleased to announce that we were awarded our ISO 27001 Certification on January 17. This international certification demonstrates that we manage information security in a way that safeguards the integrity, confidentiality and availability of our customers’ information.
We have been investing heavily in information security for a long time, especially since we started offering the AIMMS Cloud Platform four years ago. As cyber security risks were rising across all industries, we decided to further 'up our game' and adopt the ISO 27001 standard. This would offer us a ready-to-use, proven and widely recognized framework for risk management and continuous improvement in information security.
In the course of a year, we created our ISO 27001-compliant Information Security Management System - essentially a collection of documents and forms - and started implementing it. Our guiding principle was to focus only on real risks and take meaningful measures to reduce these risks. We tried to avoid simply adopting commonly used measures without asking ourselves which risk we would really reduce by doing so. We also figured this would minimize unnecessary operational friction.
It is safe to state that by following the rigor and breadth of the ISO 27001 standard, we have beefed up our processes and controls, and increased our knowledge and awareness. This is only the beginning. The standard requires us to continuously improve in this area and verify through periodic internal and external audits that we are doing what we promise to do in our plans and policies.
The benefits to our customers are twofold: on the one hand, further reduction of information security risk, and on the other, easier risk assessment because of the transparency and use of a commonly applied framework.
It’s great that we passed this first milestone and got certified, but we are very conscious that we cannot afford to lean back now. Managing information security risks requires 24x7 discipline and attention, and continuous hardening of our defenses. And that is what we will do.
More information on ISO 27001
ISO 27001 specifies a framework of policies and procedures for information risk management processes, including all legal, physical, and technical controls. It is an internationally recognized standard for information security. More information can be found on this website.