Hive is now ISO 27001 certified!

What is ISO 27001?

ISO 27001 is a widely recognized and international standard for Information Security Management. The certification proves that a company is making continuous efforts to protect customer and employee information in a systematic way and to comply to legal requirements such as GDPR.

ISO 27001 requires companies to adopt and maintain an Information Security Management System or ISMS. This helps organizations to:

• manage and prevent risks regarding information security,
• handle sensitive data with the greatest care and confidentiality,
• and continuously maintain and pay attention to data protection.

Hive’s ISO 27001 certification

At Hive, we aim to provide our customers with the highest quality of service. That’s why from the foundation of our company, we wanted to prioritize the management of sensitive company information. We aim to serve medium to large enterprises with our software and noticed a lot of requests for the certification. We worked hard to ensure we meet the very high ISO 27001 excellence standards at every level of our organization.

And our continuous efforts have paid off! After an elaborate audit from an independent organization, we have received our Hive ISO 27001 certification earlier this year!

We can now say that we meet the globally most recognized standards for Information Security Management. This means that Hive:

• protects sensitive data from customers, employees, and partners according to the ISO norms and legal requirements such as GDPR,
• does everything in its power to reduce the number of data security threats and has proactively put a process in place in case a threat occurs,
• has actively invested in employees’ awareness and understanding of their responsibilities and expectations regarding data security.

The ISO 27001 certification in practice

The ISO 27001 certification is proof that Hive treats information with the utmost respect. During the process of obtaining the certificate, we have made our internal organization stronger and our communication more transparent. Our employees have a greater understanding of their responsibilities and expectations when it comes to data protection.

Some of the many measures we have taken to manage data security:

• There is only a limited number of authorized third-party tools involved in managing and transferring sensitive data. This lowers the risk of leaks and other security threats.
• Staging and production data are kept separately and do not get mixed at any point. Doing so will also guarantee that only authorized personnel have access to the production data.
• An independent party will evaluate the security of the Hive platform during the yearly “pen test” or penetration test. The test in the form of a simulated cyber-attack is meant to check any vulnerabilities and to give actionable insights in how to protect Hive from real-life security threats.
• We have also started implementing incident management, with an elaborate workflow, allowing us to identify and track all incidents and to make sure these are resolved as soon as possible using the agreed-on measures.
• All our legal documents have been updated, ensuring these comply to the data protection policy and legal requirements, such as GDPR.

We will continue to use the best-practice information security methods, protecting your information within our company and on the platform.