• Blog
  • What is ISO 27001 certification and why is it important?

What is ISO 27001 certification and why is it important?

Last updated 20 October 2023

Boost.ai has been granted ISO27001 certification. Here’s what that means and why it’s important.

ISO 27001 certification is an internationally recognized standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system within an organization. It demonstrates the organization's commitment to managing information security risks and protecting the confidentiality, integrity, and availability of sensitive information.

Boost.ai decided early to implement an information security management system (ISMS) compliant with ISO 27001, and certify against that standard.

The process has been ongoing for several years, and, as of May 2021, we have not only achieved the certification, but also been rated as having a high effectiveness of implementation.

The process of achieving ISO certification included the whole company, both for agreeing security related processes and mechanisms, but also for ensuring awareness, following the policies and processes, and continuously improving these.

We have been praised by auditors for our good security culture, and with this culture and the continual support from top management, it has been a pleasure being part of this journey.

Why is ISO 27001 certification so important

ISO 27001 is a stamp of approval that means boost.ai can be trusted to manage the information security and privacy of both our own and our customers' data. Our accreditation comes from DNV, a well-respected company that is trusted globally for its certification work..

And our commitment to security doesn’t stop here. We will continue to be audited every year and, with that, prove to our customers and partners that we have a comprehensive management system for information security, reducing the need for other audits and questions about security. The security measures we have implemented are based on identified risks and reduce those risks to an acceptable level.

Some highlights of what was implemented:

As a company, we now have an overall information security policy, as well as 14 other information security related policies, setting the ground rules of what we do. The ISMS holds a large scope - 110 of 114 security controls are relevant and implemented. Each control is measured annually to verify its implementation.

We have also implemented a security awareness program to raise awareness amongst employees. The security awareness program is mandatory and based upon the policy rules set for the ISMS as well as most common threats for the company and best practises to avoid them.

Processes are documented together with a process owner, process contributors and managed by a process improvement lead. Processes are set up using flow charts with role bands to clearly assign responsibilities for the specific activities. All processes are reviewed by the Security Manager and specify the security controls covered through that specific process. The processes are reviewed annually.

We have a risk manager ensuring that risks are identified annually and as part of changes, and the risks are analysed to agree risk levels. Risk treatment plans are agreed with management and followed through until any residual risk is acceptable.

Our conversational AI platform is particularly hardened and has many security features, including adherence to GDPR standards.

This website is using cookies to provide a good browsing experience

These include essential cookies that are necessary for the operation of the site, as well as others that are used only for anonymous statistical purposes, for comfort settings or to display personalized content. You can decide for yourself which categories you want to allow. Please note that based on your settings, not all functions of the website may be available.

This is how and why we use cookies

Here you can store more detailed information on the cookies used or describe individual cookies in depth.

Your cookie preferences have been saved.