International Standards Organization (ISO) 27000 series is an internationally recognized framework for best practices in information security management – implementing standards to help protect the confidentiality, integrity, and availability of an organization’s data.
- ISO/IEC 27001:2013 is the best-known standard that provides requirements for an information security management system (ISMS).
- ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services.
- ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
- ISO/IEC 27701:2019 is a privacy-oriented standard that specifies requirements for establishing, implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS). ISO 27701 is based on the requirements, control objectives, and controls of ISO 27001, and includes a set of privacy-specific requirements, controls and control objectives. This standard creates a strong integration point for aligning security and privacy controls, which supports compliance with global privacy standards, such as the California Consumer Privacy Act (CCPA), EU GDPR (General Data Protection Regulation) , and New York SHIELD Act.
Varonis has certification for compliance with ISO 27001, 27017, 27018, and 27701. These certifications were performed by an independent, official ISO 27001/27017/27018/27701 third-party auditor.
We’re committed to information security at every level of our organization, and the Varonis security program is in accordance with industry-leading best practices.