Segmed announced today that we’ve achieved our ISO/IEC 27001 certification. But what does that mean for us as an organization—and for you as our customer?
Here at Segmed, keeping customer and stakeholder data secure is our top priority. To demonstrate that our systems and controls have been designed appropriately to achieve that goal, we sought out an independent assessment from an accredited auditing firm, BARR Certifications.
In this blog post, we’ll explain what it means to achieve ISO/IEC 27001 certification and why we chose to undergo this rigorous compliance audit.
Widely regarded as the benchmark for information security management, ISO/IEC 27001 is an internationally recognized standard that specifies the requirements for establishing, implementing, operating, monitoring, maintaining, and continually improving an Information Security Management System (ISMS). It also defines a reference set of security controls (Annex A) that an organization selects, and justifies in its Statement of Applicability, based on its own risk assessment.
The certification attests that an organization has established, documented processes covering its business, people, and IT operations, along with a framework for identifying, assessing, treating, and monitoring information security risks.
In simpler terms, achieving ISO/IEC 27001 certification demonstrates that an organization adheres to industry standards for designing, maintaining, and continuously improving their security posture.
Pursuing ISO/IEC 27001 certification is a multi-step process that begins with an internal audit assessing whether an organization’s ISMS has been developed, implemented, and maintained in accordance with the organization’s own standards, as well as those defined by ISO and the International Electrotechnical Commission (IEC).
Following the internal audit, the organization is ready for the two-stage certification audit conducted by an accredited certification body.
During Stage 1, the auditor reviews the design of the organization’s ISMS: examining its documentation (for example the ISMS scope, risk assessment, and Statement of Applicability), identifying potential nonconformities, and evaluating the organization’s plan to remediate them. Organizations that successfully complete Stage 1 move on to Stage 2, where the auditor tests whether the ISMS is operating effectively in practice, including verifying that the areas of concern raised in Stage 1 have been remediated.
At the conclusion of both stages, the auditor reviews the results of their assessments and makes a final decision on certification.
Achieving certification against this internationally recognized standard marks a huge step forward in our efforts to cement our commitment to data security and ensure that we’re prepared to face the challenges of the ever-changing cybersecurity landscape. Our mission involves simplifying access to real-world imaging data to accelerate innovation in healthcare. Real-world data is sensitive, and thus demands the highest standards of security and privacy. We hope this certification inspires confidence and assures our customers and partners that we view data security as a top priority.
Our auditor digs deeper into the steps involved in pursuing and achieving ISO 27001 certification in a series of blog posts:
Current and prospective customers or partners interested in a copy of Segmed’s ISO/IEC 27001 certification report can visit trust.segmed.ai.