Clario Achieves ISO 27001 Certification
Clario has kick-started 2021 with a brilliant new achievement: we’ve successfully passed the ISO 27001 certification! Read on to find out what this certification means for Clario as a company and for you — a Clario user.
What is ISO 27001?
The ISO 27001 certification represents high security standards. In short, ISO stands for the International Organization for Standardization. The standard sets out a wide range of requirements that information security management systems must meet so that they can be rated and verified.
For Clario, the ISO 27001 certification audit was performed and awarded by Bureau Veritas — an independent organization that specializes in testing, inspecting and providing security certificates for companies worldwide.
Alexandr Maklakov, CIO at Clario, said:
“Achieving ISO 27001 certification shows we are firmly on the right track in constantly improving our product’s security and services along with ensuring the privacy of our users' data.
This certification represents a comprehensive review of all levels of security management, including physical protection, security of products and services, the involvement of the management team, and access to personal user data.
The security offered by our products has always been a priority for us and in the future, we intend to prove this with even more international certifications and independent audits.”
What does ISO 27001 Certification mean to Clario users?
Did you know that ISO 27001 certification has more than a dozen requirements? It’s only when they’re met that a company becomes certified. Here are some of the most important criteria that prove security is at the heart of Clario.
Here we operate using internal and external vulnerability checks and penetration tests. We use internal processes to look for bugs and also invite white-hat hackers to detect and report bugs from the outside.
How does this work?
We don’t just sit and wait for hackers to attack us. We prefer to be proactive, so we invite bug hunters to look for external vulnerabilities in our systems — for a reward, of course. Since July 2020 we’ve been participating in HackerOne — a program that lets you work with a vast community of white-hat hackers. They perform compliant vulnerability and penetration tests, discover loopholes and report bugs to us.
So far Clario has had:
Total Submissions — 1156
Valid — 131
Reports Resolved — 116
Open Reports — 15
All hackers who have submitted a report — 684
Hackers who were rewarded — 57
All companies have security incidents. That’s why we’re choosing to improve our incident detection rates. This helps us react quickly to bugs and fix them. It’s like calling on a Clario superman to come to the rescue!
When in Rome, do as the Romans do. That’s the best description for this standard. Clario works under a number of different international laws and requirements. For instance, if you reside in Europe, we’ll work under the European GDPR regulations. In addition to that, we comply with our internal standards and company policies.
We take privacy seriously and want to keep your personal data secure. That’s why we collect only necessary information from you as a Clario user, and nothing extra.
Human resource security
Each Clario team member puts your cybersecurity at the heart of what they do. In addition to complying with security policies, all employees pass regular security training.
Access control and cryptography
Only a specific number of Clario employees have access to your personal data.
Cyberattacks pose a threat to your personal information. That’s why we encrypt data, so that cybercriminals leave empty-handed: the encrypted data is unreadable to them.
Physical and environmental security
Storing personal data and information in different locations is always an excellent idea. By doing so we prevent data loss in case something goes wrong with one of our servers. It’s like having a backup of your iPhone on your iCloud and MacBook at the same time.
Achieving the ISO 27001 certification represents a huge milestone for Clario. It has proven that we’re flexible enough to maintain high security standards under volatile and changing circumstances, such as the COVID-19 pandemic.