Gearset is now ISO 27001 certified!
David Runciman on August 15th 2019
We're delighted to announce that Gearset is now ISO 27001 certified!
Proving you can trust us
Trust is at the heart of everything we do at Gearset. We know that our users trust Salesforce with their most valuable and sensitive data. Gearset was built to respect that trust. We've worked hard to make sure your information is always secure. And as a result, the BSI has certified Gearset's compliance with ISO 27001.
We're particularly pleased that we only needed to make a few small changes as part of this process. In other words, we were pretty much compliant with ISO 27001 standards all along. We've always said you could trust us, and now we have the certificate to back that up.
Your information has always been safe with us
From the outset, Gearset made security a priority that governs our day-to-day work. We all use password managers. We don't reuse passwords across services. And we use two-factor authentication for services that support it. These practices weren't introduced for the sake of getting the ISO certification, as one of our engineers describes:
"For ISO I did an audit of all my accounts to make sure they were using strong passwords (they all were already) and rotated some of my most important ones (I try to do this regularly). My password manager made it super easy." - Oli
All user data is encrypted in transit and at rest, and all data is regularly backed up as part of our disaster recovery plan. To avoid exposure to known security issues in third-party resources, we use the Renovate bot to receive automatic pull requests whenever dependencies need updating. We also use a whitelist for access to our production systems, so that no one can connect from an IP we don't trust - even with valid credentials.
Again, none of this is new. Our attitude to security has been consistently careful. Another of our engineers put it like this:
"We treat customer data in the same way we'd expect any company to treat our own personal data - with respect and care." - Barry
So what has changed?
As we worked to secure ISO 27001 certification, there were a few things that we changed. New employees now receive dedicated training on ISO standards; 'old' employees get refreshers. We also compiled and codified the knowledge and practices already existing in Gearset to produce documentation on our information security management system.
In short, this process has given us the opportunity to confirm that we're following best practice - and to make sure that we continue to do so.
Want to know more?
To find out more about how we protect your information, take a look at our page on security and compliance. If you have further questions, contact [email protected] to request our security whitepaper.