ISO/IEC 27001:2022 Compliance

iSamic adheres to ISO/IEC 27001:2022, the international standard for Information Security Management Systems (ISMS), and applies its controls to protect the data handled by our platform and mobile applications.

What is ISO 27001?

The global gold standard for information security management

ISO/IEC 27001 is the international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company and customer information, ensuring confidentiality, integrity, and availability.

Confidentiality

Ensuring information is accessible only to authorized individuals and systems

Integrity

Maintaining accuracy and completeness of information and processing methods

Availability

Ensuring authorized users have access to information and assets when needed

How iSamic Complies

Our comprehensive approach to information security management

Security Controls (Annex A)

93 controls grouped into four themes (the 2022 revision replaced the 14 domains and 114 controls of the 2013 edition)

• Organizational Controls (37): information security policies, asset management, access control policies
• People Controls (8): background verification, security awareness training, disciplinary process
• Physical Controls (14): physical security perimeters, secure areas, equipment security
• Technological Controls (34): access control, cryptography, network security, secure development

Data Protection

Protecting audit data and user information

Encryption in Transit

TLS 1.3 protocol

Encryption at Rest

AES-256 encryption
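"AES-256" on its own says nothing about integrity or about the key actually in use; the mode and the key length decide both. As an added example, not iSamic's implementation, the Go block below encrypts a stored record with AES-256-GCM: a fresh random nonce per record, the record identifier bound as associated data so a ciphertext cannot be moved between rows, and a hard failure for any key that is not 32 bytes (aes.NewCipher would otherwise silently select AES-128 or AES-192). The record JSON and the identifiers are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newAEAD builds AES-256-GCM. Go's aes.NewCipher accepts 16-, 24- and
// 32-byte keys and picks the AES variant from the length, so the length is
// checked explicitly: a key-length mistake is the usual way an "AES-256"
// claim quietly becomes false.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d bytes", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record. Output layout is nonce || ciphertext || tag.
// The 96-bit nonce is drawn fresh per call: reusing a nonce under the same
// key breaks both confidentiality and authentication in GCM. aad is
// authenticated but not encrypted; binding the row or tenant ID stops a
// ciphertext copied into another record from decrypting there.
func Seal(key, aad, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends to nonce, so the nonce travels with the ciphertext.
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal and fails closed on any modification of the blob or a
// mismatch in aad; the GCM tag check is what makes the data integrity-
// protected rather than merely encrypted.
func Open(key, aad, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// NewKey generates a 256-bit data-encryption key. In production the key is
// itself wrapped by a KMS master key rather than stored beside the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

func main() {
	key, _ := NewKey()
	// Constructed sample record and identifier.
	record := []byte(`{"audit_id":"A-1042","finding":"constructed sample"}`)
	blob, _ := Seal(key, []byte("audit:A-1042"), record)
	fmt.Printf("stored %d bytes for %d bytes of plaintext\n", len(blob), len(record))

	if _, err := Open(key, []byte("audit:A-9999"), blob); err != nil {
		fmt.Println("moved to another record:", err)
	}
	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag
	if _, err := Open(key, []byte("audit:A-1042"), blob); err != nil {
		fmt.Println("tampered:", err)
	}
}
```

Each stored blob costs 28 bytes of overhead (12-byte nonce, 16-byte tag) over the plaintext. The remaining question an auditor will ask is where the 32-byte key lives; the example generates it in memory only, and key management is outside what this block shows.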

Security Audits

Regular penetration testing

Backup & Recovery

Disaster recovery procedures

Access Logging

Comprehensive audit trails

πŸ‘οΈ

24/7 Monitoring

Real-time threat detection

Access Control

Multi-layered authentication and authorization

✓ AWS Cognito for user authentication and identity management
✓ Role-based access control (RBAC) for system features
✓ Multi-factor authentication (MFA) support
✓ Session timeout and automatic logout
✓ Password policies enforcing complexity requirements
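The RBAC, MFA and session-timeout items above only hold together if one authorization path enforces all of them, in a fixed order, and records its decisions. The Go block below is an added example, not iSamic's code: the role and permission names, the timeout values and the Decision type are hypothetical, and the Session is assumed to have been created after the identity provider (Cognito on this page) authenticated the user, with roles taken from its group claims. It goes slightly beyond the list by treating MFA as a step-up requirement on individual sensitive actions and by separating the idle timeout from an absolute session lifetime.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

type Role string
type Permission string

// Hypothetical permission names for this example.
const (
	ViewAudits  Permission = "audits:view"
	EditAudits  Permission = "audits:edit"
	ManageUsers Permission = "users:manage"
)

// rolePermissions is the single place a permission is granted. Any
// (role, permission) pair absent here is denied; there is no default-allow
// path, and an unknown role grants nothing.
var rolePermissions = map[Role]map[Permission]bool{
	"viewer":  {ViewAudits: true},
	"auditor": {ViewAudits: true, EditAudits: true},
	"admin":   {ViewAudits: true, EditAudits: true, ManageUsers: true},
}

// Session is what the application holds after the identity provider has
// authenticated the user.
type Session struct {
	UserID    string
	Roles     []Role
	MFAPassed bool      // whether a second factor was presented at login
	IssuedAt  time.Time // anchors the absolute lifetime
	LastSeen  time.Time // anchors the idle timeout; slid forward on allowed calls
}

// Decision is one audit-trail entry. Every Authorize call produces one,
// denials included, since the denied attempts are the interesting ones.
type Decision struct {
	At      time.Time
	UserID  string
	Perm    Permission
	Allowed bool
	Reason  string
}

type Policy struct {
	IdleTimeout     time.Duration       // automatic logout after inactivity
	AbsoluteTimeout time.Duration       // logout regardless of activity
	MFARequired     map[Permission]bool // step-up factor for sensitive actions
	Log             []Decision
}

var (
	ErrSessionExpired = errors.New("session expired: re-authenticate")
	ErrMFARequired    = errors.New("multi-factor authentication required")
	ErrForbidden      = errors.New("forbidden")
)

func (p *Policy) record(s *Session, perm Permission, now time.Time, err error) error {
	d := Decision{At: now, UserID: s.UserID, Perm: perm, Allowed: err == nil}
	if err != nil {
		d.Reason = err.Error()
	}
	p.Log = append(p.Log, d)
	return err
}

// Authorize checks session lifetime, then the role grant, then step-up MFA.
// An expired session is refused even for a permission the user's roles carry,
// and activity extends only the idle window, never the absolute lifetime.
func (p *Policy) Authorize(s *Session, perm Permission, now time.Time) error {
	if now.Sub(s.IssuedAt) > p.AbsoluteTimeout || now.Sub(s.LastSeen) > p.IdleTimeout {
		return p.record(s, perm, now, ErrSessionExpired)
	}
	granted := false
	for _, r := range s.Roles {
		if rolePermissions[r][perm] {
			granted = true
			break
		}
	}
	if !granted {
		return p.record(s, perm, now, ErrForbidden)
	}
	if p.MFARequired[perm] && !s.MFAPassed {
		return p.record(s, perm, now, ErrMFARequired)
	}
	s.LastSeen = now
	return p.record(s, perm, now, nil)
}

func main() {
	policy := &Policy{
		IdleTimeout:     15 * time.Minute,
		AbsoluteTimeout: 8 * time.Hour,
		MFARequired:     map[Permission]bool{ManageUsers: true},
	}
	t0 := time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC) // constructed sample session
	s := &Session{UserID: "u-42", Roles: []Role{"auditor"}, IssuedAt: t0, LastSeen: t0}
	fmt.Println(policy.Authorize(s, EditAudits, t0.Add(5*time.Minute)))  // <nil>
	fmt.Println(policy.Authorize(s, ManageUsers, t0.Add(6*time.Minute))) // forbidden
	fmt.Println(policy.Authorize(s, ViewAudits, t0.Add(40*time.Minute))) // idle timeout
	for _, d := range policy.Log {
		fmt.Printf("%s %s %s allowed=%t %s\n", d.At.Format(time.RFC3339), d.UserID, d.Perm, d.Allowed, d.Reason)
	}
}
```

The order matters: lifetime before grant means a stolen but expired session yields nothing, and grant before MFA means the step-up prompt is never shown for an action the user could not perform anyway.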

Incident Management

Detecting and responding to security incidents

24/7 Monitoring

Continuous security monitoring and alerting systems

Response Procedures

Documented incident response and escalation paths

Regular Drills

Security incident drills and tabletop exercises

Continuous Improvement

Post-incident analysis and lessons learned

Official ISO 27001 Resources

Authoritative sources and certification bodies

Standards & Guidelines

ISO Official Website

International Organization for Standardization

Official ISO 27001:2022 standard documentation and comprehensive information


ISO 27001 Implementation Guide

Comprehensive implementation resources

Detailed guide on implementing ISO 27001 ISMS in your organization


NIST Cybersecurity Framework

U.S. National Institute of Standards and Technology

Complementary framework for managing cybersecurity risks


SANS Security Resources

Security training and certification

Security best practices and ISO 27001 training resources


Certification and Accreditation Bodies

πŸ›οΈBSI Group

British Standards Institution

SGS

Société Générale de Surveillance

SABS

South African Bureau of Standards

SANAS

South African National Accreditation System (the national accreditation body: it accredits certification bodies to audit against ISO/IEC 27001 and does not issue certificates itself)

Questions About Our Security?

For security-related inquiries or to request our security documentation, please contact our information security team.
