Valamis product buzz – security & compliance updates

What’s new?

Wishing you a safe and secure season’s greetings! Valamis is starting 2023 with a small gift to those working on learning vendor due diligence in IT, Security, and Procurement – we are re-certified in ISO/IEC 27001:2013, ISO/IEC 27017:2021, and after a detailed audit we have completed an ISAE 3000 type II (SOC 2) assurance report. Valamis is committed to the highest level of security and keeping your data fully protected.

For a full list of security measures: https://www.valamis.com/product/data-security

“User and customer data are the most valuable assets we process. Getting an assurance report and a certificate from a 3rd party, gives us validation that our security measures are up to date and reinforces our dedication to keep all our data secure.”
– Jukka Keto, Security Vice President

Why should you care about these security measures?

The World Economic Forum’s Global Cybersecurity Outlook report indicated that cyber-attacks increased 125 % globally in 2021 with more expected over time. As many learning solutions are expected to integrate to many solutions and deliver learning globally, it is crucial to work with providers that are following internationally recognized standards for protecting your cybersecurity. Learning should not be a vulnerability, but one of your greatest superpowers.

How these security measures benefit you

• Secure information in all forms, including paper-based, cloud-based and digital data
• Increased resilience to cyber-attacks
• Ensure organization-wide protection, including against technology-based risks and other threats
• Respond to evolving security threats
• Reduce costs and spending on ineffective defence technology
• Protect the integrity, confidentiality and availability of data

Source: https://www.iso.org/isoiec-27001-information-security.html 

What is ISO?

There are a lot of buzzwords and acronyms out there so let’s break this down:

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 167 national standards bodies that develops and publishes standards.

Standards are internationally agreed upon by experts and ensure that people and companies globally are following the same benchmarks for handling data, product quality, food safety and more.

What is ISO/IEC 27001:2013?

ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS) and their requirements. Additional best practice in data protection and cyber resilience are covered by more than a dozen standards in the ISO/IEC 27000 family. Together, they enable organizations of all sectors and sizes to manage the security of assets such as financial information, intellectual property, employee data and information entrusted by third parties. Valamis is ISO/IEC 27001:2013 certified.

Source: https://www.iso.org/isoiec-27001-information-security.html

What is ISO/IEC 27017:2015?

ISO/IEC 27017 provides cloud services information security controls, including guidance for both cloud service providers and enterprises utilizing cloud services. ISO 27017 supplements the basic security controls covered in the ISO 27001 standard. Valamis is ISO 27017:2015 certified.

ISO/IEC 27017 specifically focuses on information security in cloud services and provides guidance on how to protect sensitive information that is stored, processed, or transmitted in the cloud. It covers a wide range of topics related to information security in the cloud, including:

• Security of data in transit and at rest
• Identity and access management
• Data protection and privacy
• Security incident management
• Security of cloud infrastructure and services

The standard is intended to help organizations understand the risks associated with using cloud services and to provide guidance on how to effectively manage those risks. It is not a mandatory standard, but it is widely recognized as a best practice in the field of information security.

Source: https://www.iso.org/standard/43757.html

What is ISAE3000 type II (SOC 2)?

ISAE 3000 type II (SOC 2) report provides user organizations (along with supervisory authorities, regulators or business partners) with information about how a service provider manages customer data.

SOC 2 (System and Organization Controls) is a set of standards developed by the American Institute of Certified Public Accountants (AICPA) that provide guidance on how to evaluate and report on the controls of a service organization. The SOC 2 standards are designed to help organizations demonstrate that they have the necessary controls in place to protect the security, confidentiality, and privacy of their customers’ data.

There are two types of SOC 2 reports: Type I and Type II. A SOC 2 Type I report provides an assessment of the design of the organization’s controls at a specific point in time. A SOC 2 Type II report, on the other hand, provides an assessment of the design and operating effectiveness of the organization’s controls over a specified period, typically six months to a year.

ISAE 3000 is an international standard that provides guidance on how to conduct assurance engagements, including SOC 2 reports. It sets out the professional standards that must be followed when conducting assurance engagements, including requirements for independence, objectivity, and due care.

A SOC 2 Type II report is a detailed assessment of the controls an organization has in place to protect the security, confidentiality, and privacy of its customers’ data. It is conducted in accordance with the ISAE 3000 standard and provides independently measured assurance that the organization’s controls are operating effectively over a specified period. Valamis is ISO/IEC 27001:2013 certified.

Source: https://soc2.co.uk/soc-2