Share this article on:
Online Tech has announced that following a five-month process of audits by NSF International, all five data centers and its Ann Arbor, MI headquarters have been confirmed as compliant with ISO 27001.
ISO 27001 sets rigorous standards for Information Security Management System (ISMS) to ensure all sensitive information is properly managed and remains secure at all times. ISO 27001 covers the implementation of the ISMS, its maintenance, and policies and procedures to ensure continuous improvements are made and high standards are maintained.
ISO 27001 sets standards assessing risk, which are tailored to each organization, and in-depth risk management processes are required covering people, processes, as well as IT systems. Those risks must be managed and reduced to a low and acceptable level.
In order to pass the audits and be certified as compliant, Online Tech’s ISMS was required to meet the minimum standards across 14 specific controls, which the company did without any exceptions or corrective actions at all 5 data centers and headquarters. Those controls include the information security policy, risk assessment and risk management process, security objectives, providing evidence of the competence of information security staff, documentation checks, planning and control, the results of the risk assessment and risk management decisions, information security monitoring and measurement, and top management reviews of the ISMS.
In addition to being certified as ISO 27001 compliant, the company is also compliant with the Health Insurance Portability and Accountability Act (HIPAA), PCI DSS, SOC1/SOC2, and the EU-US Privacy Shield.
“Online Tech has always had a focus on a culture on compliance, and we believe this audit will make a huge difference to our customers,” said Jason Yaeger, Online Tech Security Officer and VP of Business Development and Strategic Solutions. “They trust us to keep their data secure and compliant, and this is just one more example that by hosting their data with us, clients can prove to their own end users that their data is well protected.”