The Certification Institute for Research Quality (CIRQ), an International Standards Organization (ISO) audit and certification body that is a subsidiary of the Insights Association, has awarded certification to ThreatModeler Software for compliance to ISO 27001, one of the most widely recognized and internationally accepted information security standards.
Accredited certification to ISO 27001 involves undertaking regular reviews and internal audits to ensure the continual improvement of the information security management system (ISMS). ThreatModeler's certification will be verified annually by CIRQ's independent audit to establish continued compliance and data protection.
ISO 27001 provides a framework for companies to manage their data security. It establishes requirements for information controls to manage people, processes and technology across the technological aspects of security as well as corporate security, physical security and more. The certification relies on regular risk assessments, consistently requiring a company to identify and treat security threats. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.
"This accomplishment demonstrates ThreatModeler's commitment to security and transparency at all levels – from the design, development and deployment of our IT infrastructures to the provision of support services," said Archie Agarwal, CEO and Founder of ThreatModeler. "The ISO 27001 certification is not just an investment in ThreatModeler, but also in the customers and partners who trust us to keep their data safe and secure."
To achieve ISO certification, ThreatModeler engaged in an in-depth risk assessment, a comprehensive review of all information security policies and procedures, and internal audits. The scope of certification is broad, covering the governance and management of client information, services and activities carried out by supporting IT functions to ensure information integrity, availability, and confidentiality. As a further step in the validation, the company's information security management system was assessed via review of its documentation, practices, and controls.
About ISO 27001
ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is integrated with the organization's processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization. This International Standard can be used by internal and external parties to assess the organization's ability to meet information security requirements. ISO 27001 can be mapped to other information security schemes such as Hitrust, NIST and Soc2. Compliance with the standard also enables a company to meet global security laws, such as the NIS Directive and the GDPR.
ThreatModeler is an automated threat modeling solution that fortifies an enterprise's SDLC by identifying, predicting and defining threats, empowering security and DevOps teams to make proactive security decisions. ThreatModeler™ provides a holistic view of the entire attack surface, enabling enterprises to minimize their overall risk.
A subsidiary of the Insights Association, CIRQ (the Certification Institute for Research Quality) was established to provide assessment and certification services to market research firms seeking certification to ISO 20252:2019 and ISO/IEC 27001:2013. A non-profit entity, CIRQ is committed to providing timely, thorough, and impartial assessments of its customers' research process management or information security management systems in regard to certification to corresponding standards. CIRQ was established in compliance with all ISO requirements for certification bodies that provide auditing and certification services and is fully accredited by ANSI's National Accreditation Board. To conform to its mandate of objective and impartial audits to these ISO standards, CIRQ is independently operated and managed under the oversight of an independent Board of Directors and submits to annual moderation by external authorities on ISO certification bodies.
About The Insights Association
The Insights Association protects and creates demand for the evolving Insights and Analytics industry by promoting the indisputable role of insights in driving business impact. All revenue is invested in quality standards, legal and business advocacy, education, certification, and direct support to enable our members to thrive.
Art Flanagan, Vice President, Communications