ISO 27001:2013 & GDPR

April 2022

We take data seriously, and if you want to know more about our company, the promise we make to our customers and their data, and the scope of our IT security policy, read on.

What is ISO 27001:2013?

ISO 27001 is an international information security management standard. It is recognized internationally, and the same certification is granted in all countries. This means it is not tied to one region, unlike the California Consumer Privacy Act (CCPA) in the United States or the General Data Protection Regulation (GDPR) in Europe.

The short answer: it’s a quality stamp that we handle data in a secure way.

Why is Business at Night ISO 27001:2013 certified?

We applied for ISO 27001:2013 certification back in 2021 for two reasons:

1. Business at Night is a company that operates within the European Union, and therefore we are GDPR (General Data Protection Regulation) compliant. Undergoing the ISO certification gave us the chance to strengthen our GDPR alignment.

2. We saw the need to show that we have processes in place to handle data securely. Since receiving our first certification, we have continued to improve our security processes each year. At our latest ISO review we raised our maturity to level 4 out of 5.

What it means for customers that Business at Night is ISO 27001:2013 certified

To put it succinctly, it means that the data we handle is secure. Our customers, and our customers’ customers, can be sure that we know what to do in a situation in which data has been compromised.

To expand on this, it also means that all significant IT assets, i.e. systems, data, computers, communication equipment, IT sites, etc. have a security rating, are registered, and can be traced to an owner. It also means that access is given on a need-to-have basis.