More than a certificate on the wall

Posted by: Bridie Kruck on December 5, 2018

Last updated: September 2019

The WhosOnLocation path to ISO certification

In early 2018 we made the decision to pursue ISO 27001 certification. Our primary driver is to continue giving our customers confidence that the security of the information stored within WhosOnLocation is our top priority.

Today we comply with international data privacy standards such as GDPR. We follow OWASP guidance, an internationally recognised reference for good web application security controls, and we engage independent auditors every year to verify compliance, alongside regular vulnerability testing by third parties.

ISO 27001 certification will greatly enhance our existing security practices. It is focused on the WhosOnLocation Information Security Management System (ISMS) and measures how closely our internal security practices follow the ISO standard. We also wanted to:

  1. Implement a security framework with controls.
  2. Establish and roll out a risk management program.
  3. Have an ongoing compliance and improvement process.
  4. Gain a reputable, internationally recognised standard.

What is ISO 27001?

ISO 27001 is the globally recognised international standard for managing risks to the security of the information you hold. Certification to ISO 27001 allows you to demonstrate to your clients and other stakeholders that you are managing the security of their information.

ISO 27001 uses a top-down, risk-based approach and is technology-neutral. It is broken into a six-part planning process:

  1. Define a security policy.
  2. Define the scope of the ISMS.
  3. Conduct a risk assessment.
  4. Manage the identified risks.
  5. Select control objectives and controls to be implemented.
  6. Prepare a statement of applicability.

The specification includes requirements for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. Meeting the standard requires cooperation across every department of our team.

What does ISO 27001 mean to you as a customer or partner?

Once we gain certification, you as our customers and partners can have greater confidence that:

  • We are taking appropriate control measures to protect confidential and privileged information.
  • We are following international best practices to mitigate cyber threats, and we have cyber incident response and management processes in place to respond to cyber attacks.
  • We have established a formal information risk management process and a functioning ISMS (Information Security Management System).

By working towards and gaining ISO 27001 certification in 2019, we are further strengthening our commitment to providing the best tools to keep your organization’s information, and the people within it, safe and secure.

We’ll keep you updated along the way, and if you have any questions about our path to ISO 27001 certification, email us at

© WhosOnLocation 2020