,

Evolving the Deepwatch Security Program With ISO 27001

By Chad Cragle, Sr. Director, Enterprise Security & Compliance

Estimated Reading Time: 3 minutes

Since its inception, Deepwatch has remained committed to leading by example in the cybersecurity industry. Before we announced the Deepwatch name, we were driving toward third-party validation via SOC 2 Type II and PCI DSS Level 1 Service Provider assessments, bringing transparency to our security capabilities and providing peace of mind to our customers.

Deepwatch continues investing in our security program making it more robust and resilient. We understand the importance of maintaining the highest security standards, especially when handling sensitive data and systems subject to various state, national, and international laws and regulations.

We committed in 2023 to enhance our security program by testing our Information Security Management System (ISMS) against the international standard ISO/IEC 27001:2022. Unlike SOC and PCI assessments, which focus on specific controls and credit card data protection, ISO 27001 evaluates our overall information security management, emphasizing people and processes.

In May 2024, our auditing firm confirmed that the Deepwatch ISMS conforms to ISO/IEC 27001. This certification is not just a one-time achievement; it requires an ongoing commitment to demonstrate that we are managing our program as documented, continuously proving our dedication to the security and privacy of our customers’ information and systems.

Understanding ISO 27001

ISO/IEC 27001 is an internationally recognized Information Security Management Systems (ISMS) standard. It ensures the confidentiality, integrity, and availability of sensitive company information, safeguarding it against threats and vulnerabilities. Achieving ISO 27001 certification is a significant milestone, showcasing our commitment to maintaining the highest information security standards.

The Audit Process

The process is thorough and involves several stages. For Deepwatch, it began with a preliminary audit or gap analysis, followed by a detailed documentation review and an assessment of our ISMS implementation and effectiveness. This process required meticulous evidence collection and close collaboration across departments.

Achieving ISO 27001 certification was a collective effort from the entire organization. The dedication and hard work paid off when we passed the audit without any opportunities for Improvement (OFI) or findings, reflecting our robust information security practices.

This certification signifies our commitment to information security for our customers and Deepwatch. It reassures our customers that their sensitive information is protected, enhancing their trust and confidence in our services. Additionally, it positions us competitively in the market, demonstrating our adherence to internationally recognized standards.

In conclusion, the journey to ISO 27001 certification is demanding yet rewarding. It strengthens our information security posture and fosters a culture of continuous improvement and excellence. Leading this effort has been a privilege, and the certification is a testament to our commitment to securing our customers’ data.

Chad Cragle, Sr. Director, Enterprise Security & Compliance

With over a decade and a half of real-world experience as an Information Security and Compliance Subject Matter Expert, Chad has a proven track record of transforming and maturing companies’ security postures. As a key member of Deepwatch’s Security Team, he enables proactive Security, Compliance, and Privacy improvements. Chads leadership helps the team anticipate future challenges and scales the programs effectively. He’s dedicated to building a strong foundation for Deepwatch’s security initiatives.

Read Posts

Share

LinkedIn Twitter YouTube

Subscribe to the Deepwatch Insights Blog