We are happy to announce that Mapp recently completed an independent third-party audit to renew its existing ISO 27001 certification and achieve ISO 27018 certification for cloud data privacy.
Achieving the ISO 27018 certification on top of the existing ISO 27001 certification for information security management underscores Mapp's commitment to safeguarding its customers' personal data. It also demonstrates Mapp's capability to monitor, measure, and improve the corresponding information security and privacy measures, and sets us apart from our direct competitors. Security and privacy are an absolute top priority for Mapp and form an integral part of our cloud service offerings - these are not just words, we can prove it!
What is ISO 27001?
ISO 27001 is the international standard for information security management and defines the requirements for the introduction, operation, monitoring, and continual improvement of an effective information security management system (ISMS). It systematically ensures that an organization implements and maintains adequate technical and organizational security measures in line with the state of the art, industry-specific needs, risk, and legal and contractual obligations. The scope of ISO 27001 is not limited to personal data and an organization's cloud offerings.
What is ISO 27018?
The International Organization for Standardization 27018 Standard (ISO 27018) specifically covers privacy protections for the processing of personal information by cloud service providers. It focuses on the protection of cloud service customers' personal data in the cloud and therefore extends an existing ISO 27001 control framework with privacy-specific requirements. This control framework is very well aligned with data protection legislation, such as the GDPR, and is therefore an excellent tool for both implementing and demonstrating compliance with legal and derived contractual requirements.
Why does it matter?
We believe that our customers must be in a position to trust us as their marketing technology provider. It's not feasible for them to audit us individually, so it's important for us to have independent certification - which is much more than a piece of paper.
Certified compliance with ISO 27018 means that Mapp has effectively implemented appropriate controls for dealing with customers' personal data. The certification helps our existing and prospective clients satisfy their own legal obligations to assure the data protection capabilities of the third-party service providers they use (e.g. Art. 28 sec. 1 GDPR) by verifying the scope and validity of the certificates. Since certified compliance with ISO 27018 requires annual third-party verification, the rigor of this process and the resulting certificate should give customers additional confidence in Mapp as the right marketing tech provider.
The scope of the ISO 27001 and ISO 27018 certification is Mapp Engage hosted in the EU and Russia. In terms of processing and protecting personal data, Mapp Engage is the most important element of the Mapp Cloud Suite. All of Mapp follows the same information security and privacy policies and standards, and our information security & privacy team ensures that the entire organization is and remains compliant with these standards.