VinciWorks achieves ISO 27001 certification

VinciWorks is proud to announce that it has been certified with the highest internationally recognised information security standard, ISO 27001:2013. This certification was achieved after a rigorous audit by an independent, internationally accredited certifying body.

What is ISO 27001?

ISO 27001 is one of the most widely recognised and internationally accepted information security standards. It defines how an organisation should manage and treat information more securely, and defines the security controls that should be implemented. Its best-practice approach addresses not only the technology but also the people and processes involved in keeping data secure.

What does being ISO 27001 certified mean?

By being ISO 27001 certified, VinciWorks has proven that it has a world-class information security and cyber security management system in place. It guarantees that all employees are properly trained, that IT infrastructure has been audited, that the offices are secure, risk assessments have been conducted and more.

What does this mean for VinciWorks’ clients?

Being ISO 27001 certified is independent evidence of VinciWorks’ commitment to data security. It ensures that:

Client data is rigorously protected
Cyber and infosec risks have been assessed and mitigated
Information security is embedded into decision making, processes, HR, employee training and IT
We have created a culture of security where all employees prioritise security by design

The ISO certificate is available upon request.

This certification is another milestone in our ongoing commitment to data security and information security. In addition to annual ISO 27001 audits, our applications are regularly penetration tested by independent cyber auditors and our sensitive client data is encrypted in transit and at rest.

VinciWorks will continue to move the bar forward on its information security best practices as well as its commitment to data privacy.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”