
ISO 27001 Certification & Cybersecurity Solutions Ensure Data Safety

Written by Smart Touch | Sep 25, 2023 6:02:49 AM

Today, more than ever, data security is essential for any organization. With the large volume of documents and information processed daily, companies have a responsibility to protect this data from cyber threats and accidental losses. This becomes even more critical in the case of Apollo, our Intelligent Document Processing platform that serves all departments and deals with the management and processing of large amounts of documents, and, consequently, data.

A key aspect of ensuring data security is ISO 27001 certification, an international standard for information security management that offers numerous benefits for both software developers and their customers.

 

What Is ISO 27001 Certification?

ISO 27001 is an international standard for information security management developed by the International Organization for Standardization (ISO). This standard sets requirements for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS) within an organization. The purpose of an ISMS is to protect the confidentiality, integrity, and availability of the organization's data and information.

To achieve ISO 27001 certification, an organization must meet strict requirements, establish security policies and procedures, identify and assess information security risks, and implement appropriate measures to mitigate these risks. An independent audit verifies compliance with the ISO 27001 standard, and obtaining certification demonstrates the organization's commitment to information security.

We Are ISO 27001 Certified.

 

What Does This Mean For You And Your Company?

  1. Protection Against Cyber Threats

ISO 27001 certification involves identifying and managing information security risks. Obtaining the certification is further proof that our flagship product, Apollo, is developed and implemented with strict security measures to protect the data we work with from cyber threats such as phishing attacks, malware, or ransomware.

  2. Strict Compliance with Regulations

ISO 27001 is globally recognized and helps software developers, like us, comply with data protection regulations such as the European Union's General Data Protection Regulation (GDPR) or HIPAA in the United States.

  3. Reducing the Risk of Data Breaches

Implementing security measures in line with ISO 27001 helps reduce the risk of data breaches and information loss.

  4. Improving Processes and Data Management

ISO 27001 certification requires a systematic approach to information security, leading to optimized internal processes, better risk management, and greater data management efficiency.

ISO 27001 certification is a crucial element in ensuring data security in Intelligent Document Processing, offering significant benefits for developers and companies using this solution. However, at Smart Touch Technologies, we didn't stop there.

 

Additional Cybersecurity Solutions We Use

1. All data stored by the Apollo platform is encrypted using the Advanced Encryption Standard (AES), specifically AES-256. We use a common cryptographic library, Tink, which includes our FIPS 140-2 validated module, BoringCrypto, to consistently implement encryption in all Apollo cloud components.

 

2. Each intelligently processed document has a unique identifier. Access control lists (ACLs) ensure that only authorized Smart Touch Technologies operators with exclusive access at that moment can decrypt each document. This access limitation helps prevent unauthorized access to data, strengthening the security and confidentiality of the data processed by Apollo.

3. The encryption we use protects documents in three states: at rest, in transit, and in use, as follows:

Data-at-Rest encryption, used to protect data stored by Apollo, offers several benefits:

- If data falls into the hands of a hacker, they cannot read the data without access to encryption keys. Even if attackers obtain storage devices containing our clients' data, they won't be able to understand or decrypt it.

- Reduces the attack surface* in two ways:

a) it effectively cuts the lower layers of the hardware and software stack out of the attack surface.

b) it allows companies to focus their cybersecurity protection strategies on encryption keys, rather than having to protect all data.

*By attack surface, we refer to the points or areas in a system or network that are vulnerable to potential security threats, cyberattacks, or unauthorized access. In other words, all possible entry points or attack vectors that could be exploited to compromise the security of a system or network.

- Acts as a chokepoint because centrally managed encryption keys create a single point where access to data is enforced and can be verified.

- Provides a significant mechanism for protecting our clients' confidentiality. When data is encrypted at rest, the access that systems and engineers have to data and documents is limited.

 

Data-In-Transit protection involves encrypting data before transmission, authenticating both ends of the transit, and decrypting and verifying the data at the destination. We use the Transport Layer Security (TLS) protocol to encrypt data in transit for transport security.

Data-In-Use protection covers data within documents by encrypting it during processing. For this purpose, we use the Confidential Computing feature of our cloud provider.

In conclusion, at Smart Touch Technologies, we strictly respect the right to the protection of personal data for every individual. We have taken measures to comply with the legal provisions of EU Regulation 2016/679 (GDPR) and other applicable regulations, including obtaining ISO 27001 certification.

We take pride in the fact that the development of the Apollo IDP platform was planned and implemented based on the fundamental principle of privacy by design.

Data security and confidentiality are constantly at the forefront of our concerns, integrated into every aspect of the solution we offer to companies and organizations looking to automate their business processes involving documents.