There’s always a trade-off with software services, or apps: convenience vs privacy. Entrusting sensitive customer, product and pricing data to a 3rd party can bring massive benefits, but at what potential data security risks? It just takes one question to know if your app provider is taking data security seriously and doing all they can to look after your data.
The security of your data should be non-negotiable
Subscribing to a software service, or an app, enables businesses to benefit from innovative and time-saving features without a big upfront investment in infrastructure or a long-term commitment. In return, business apps require very intimate access to sensitive company data, like customer information, product price lists and employees’ personal details, in order to provide an effective service. The more access an app has to core business information, the more value the app is able to deliver.
It’s therefore crucial that your app provider takes data security seriously to minimise a data breach. If the right infrastructure, systems and processes aren’t in place, your data could risk falling into the wrong hands, which could result in litigation by your customers and stiff penalties, as seen this week with British Airway’s data breach and resulting fine of £183 million.
How do you know your Software as a Service provider takes data security seriously?
Ask them if they have an ISO 27001 certification. Any reputable app provider should have an information security programme in place that proactively ensures that data under their control is properly protected.
What is an ISO 27001 certification?
An ISO 27001 certification confirms that the highest internationally recognised security standards, agreed upon and set by members from 164 countries and 783 technical committees and subcommittees, are met. The International Organization for Standardization (ISO) is an independent, international organisation based in Geneva, Switzerland, that develops the global standards for security and safety, among others. Independent certification service providers conduct audits and grant the appropriate certifications.
Why is an ISO 27001 certification important to you and why does anyone care?
ISO 27001 certification means your data security is being taken seriously and that your service provider has met the global benchmark in looking after your data. Practically, it means that an audit was conducted by an independent certification service provider. They consider the various data security risks a company is exposed to, ensuring that the right controls are in place to reduce these risks to an acceptable level. This audit looks beyond the general storage of data to how it is handled among a company’s employees and also the physical security of the premises where the company conducts their daily business.
After in-depth certification assessments on the various ISO standard requirements have been carried out successfully, they provide companies with a valued, independent compliance report and certification.
Skynamo recently received an ISO 27001:2013 certification.
Skynamo, recently achieved ISO 27001:2013 certification, joining a relatively small number of tech providers worldwide to have achieved this certification: only 69 companies in South Africa and only 7,748 tech companies worldwide.
So, what does this mean for Skynamo customers? It means their sensitive business data is in the safest possible hands and is rigorously protected from falling into the wrong hands.
It confirms that Skynamo has a system, the policies and the procedures in place to achieve and support our three main security objectives:
- securing customer information,
- securing product information, and
- securing company information
In particular, it ensures the following:
- Customer data is only used for the purpose of the service we commit to provide
- We adhere to customers’ unique requirements for data-handling
- Customer data is not shared with unauthorised 3rd parties
- Customer data is accessible only to a very restricted team of individuals at Skynamo who have received training on how to handle your data appropriately
- Customer data is stored in a segregated way, not to be confused with other customers’ data
- Backups of customer data are properly protected
- Data that’s no longer relevant is deleted
So, as businesses continue to move their data off their own premises and into the cloud to be stored and managed by app providers such as Skynamo, it’s critical that businesses select app providers that meet international standards of excellence for data protection.
Are your app providers meeting international standards in keeping your data secure? Do they have an ISO 27001 certification?