🎉 Shipfix is proud to announce that we are now ISO 27001 and 27701 certified!
In a world where data has become such a key asset, our company value is directly related to our ability to protect the integrity of personal and sensitive commercial data owned by our clients and users.
With this in mind, Shipfix was founded with security and privacy as a core value. Obtaining and maintaining ISO 27001 and 27701 certifications is our chance to demonstrate our commitment to this value with the help of an internationally recognised standard.
What are ISO 27001 and 27701?
ISO 27001 provides standard requirements for establishing, implementing, maintaining and continually improving an information security management system. ISO 27701 is an extension of the former focused on Personally Identifiable Information (PII) and privacy.
In practice, it ensures that we have the best practices implemented for Security and Privacy whilst ensuring:
-
- 🛡 Integrity of your data and ours.
- 🔍 Traceability of information to verify the history, location, or application of an item by means of documents information.
- 🕛 Availability to ensure we are able to react quickly in case of an incident and to make sure that we do not let you down.
- 🤫 Confidentiality by making sure your data is kept secure with restricted access through multiple security layers.
But Why?
At Shipfix, we aspire to nothing less than excellence and we make it our top priority day after day. Our client's interests always come first and we protect their privacy and security accordingly.
We’ve been saying this since day 1 but we wanted to go even further and to demonstrate this commitment.
We want Shipfix to lead by example in the market and to be seen as the industry reference with regards to the protection of information and privacy.
These two certifications will ensure peace of mind not only for ourselves but most importantly for our clients, even the most demanding of them, by providing the highest level of protection for their organisation, their assets and safety.
Article 42 of the GDPR encourages the establishment of data protection certification mechanisms. No such mechanism has yet been officially recognised by the EU but in our view ISO 27701 is the best mechanism available at the moment.
What’s next?
We’ve committed all resources at our disposal and worked tremendously hard over the last 8 months to pass these two certifications but it’s not over yet. We must continue our efforts to guarantee security and privacy over time. Each year our management system will be checked by external auditors and every three years we will need to pass a full audit. So this is only the beginning of the story.
What does it mean for Shipfix customers?
It will provide the assurance that we have in place a strict security and privacy program assessed by an independent third party to meet the most demanding international standards.
You can rest assured that:
- 🏰 Your data is in safe hands:
- We have a mature Information Security Management System which is stress-tested regularly.
- We continuously monitor the 114 control points of ISO 27001.
- Our management system covers all aspects of our business, including but not limited to: information security policies, human resources security, asset management, access control, cryptography, physical and environmental security, operation security, communication security, information transfer, supplier relationship.
- 🤐 We only use your personal data to the extent that we need to for legitimate purposes and do not retain it any longer than needed:
- We have a strict privacy program assessed by certified independent auditors.
- We are clear and transparent when it comes to how we collect data, what we collect and what we do with it.
- We continuously monitor the 49 control points of ISO 27701.
- Ensure that your data will be handled to meet and exceed GDPR requirements both as data controller and processor.
What does it mean for Shipfix as a company?
Our existing customers welcome this significant qualification and we are already noticing a clear mark of interest amongst the larger listed and regulated organisations looking to revamp their trading and chartering setup as they see the opportunity to partner with an organisation that shares their high standards.
It will also allow us to maintain our current growth rate without compromising security and privacy, for example, it facilitates the onboarding of new Shipfix staff with clearer guidelines and policies. We boost operational agility. Everything we do is documented and it helps us sleep better at night knowing that we have implemented the most secure environment for our clients and ourselves.
Special thanks
One of the first requirements for this certification is that “top management shall demonstrate leadership and commitment with respect to the information security management system”. As CFO and COO of Shipfix, I’ve been running this project since my first day at Shipfix and I would like to thank our co-founders and co-CEO for their dedication to this certification. They led by example and understood very well the meaning of leadership and commitment.
A BIG thank you to the entire Shipfix team who spent time answering my endless list of questions and for having embraced our new security and privacy standards.
We could not have achieved this certification in such a short period of time without amazing partners and advisors. Thank you to the entire team at Akant, our advisors, and particularly to Damien Peschet and Philippe Labare. They’ve worked relentlessly to help us get to speed and most importantly make us understand the mindset behind such certifications.
Also thanks to Jackie Fronheiser from Vanta for her assistance. Vanta is a great tool to simplify and automate many of the complex and time consuming monitoring required by the ISO norm.
Related information
Contact us
For more information about our experience running the ISO certification or any other questions on our security and privacy management system you can reach out to Gregory Tilmant, our CFO and COO, via privacy@shipfix.com