Matt Cooper, Head of Global Marketing

P: +44 (0) 7774 781695

E: matt@sekura.id

Achieving ISO/IEC 27001:2022 certification in just six weeks

Sekura.id’s significant step to an even SAFr world

Achieving ISO/IEC 27001:2022 certification in just six weeks: Sekura.id’s milestone

In a remarkable achievement, Sekura.id has secured ISO/IEC 27001:2022 certification in just six weeks, demonstrating our commitment to the highest standards of information security. As a leader in mobile identity authentication and fraud prevention, our rapid certification process reflects our agility and dedication to safeguarding digital identities globally. Achieving this certification typically involves a rigorous and lengthy process, but Sekura.id’s success highlights our efficient and well-structured approach to information security management – confirming our position as a trusted partner in the industry.

The importance of ISO 27001 certification

ISO/IEC 27001:2022 is an internationally recognised standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). For companies like Sekura.id, this certification is more than just a technical milestone; it is a critical component in building trust with clients and partners. The certification process involves rigorous assessments by an accredited body, ensuring that all necessary controls are in place to manage information security risks effectively.

For Sekura.id, achieving this certification was not merely a goal but a necessity. As Ben Norton, Sekura.id’s Head of Delivery, explains, “We operate on a partner-based model, where our clients are typically partners engaging with major companies. Some of the top banks in the UK require us to have ISO 27001 through these partnerships.” This requirement was not just a regulatory formality but a key enabler for Sekura.id to expand its client base, particularly among major financial institutions.

Sekura.id’s journey to certification

While many organisations might view ISO 27001 certification as a daunting, months-long process, Sekura.id was determined to expedite our journey without compromising the integrity of our information security practices. This determination led us to explore various solutions, ultimately settling on the Digital Trust Accelerator (DTA) programme offered by Vanta, in collaboration with Cognisys and Insight Assurance.

The DTA programme is a six-week, bootcamp-style initiative designed to equip businesses with the knowledge and tools necessary to achieve ISO 27001 certification efficiently. Vanta’s platform automates up to 80% of the compliance work, while Cognisys provides hands-on guidance and expertise, ensuring that every aspect of the ISMS is tailored to the company’s specific needs.

Despite initial scepticism about achieving certification within such a short timeframe, Sekura.id’s leadership recognised the value of the programme’s clear timeline and structured approach. As Gautam Hazari, Sekura.id’s CTO, remarked, “We at Sekura.id prioritise security and compliance while building the missing identity layer for the Internet, making the world a SAFr place,” referring to the Sekura API Framework. “We’re delighted to achieve our ISO 27001 certification in just six weeks, working with partners like Cognisys, Vanta, and Insight Assurance, who’ve been instrumental in this milestone.”

The certification process

The six-week certification journey began with an intensive onboarding and setup phase, where Sekura.id’s existing security measures were evaluated, and gaps were identified. The DTA programme then guided the company through a series of weekly objectives, including policy development, risk assessments, and internal audits, culminating in a thorough external audit conducted by Insight Assurance.

Throughout this process, Cognisys played a crucial role in facilitating communication and ensuring that Sekura.id’s unique operational needs were met. The partnership between Cognisys and Insight Assurance was particularly effective, as it combined Cognisys’s deep understanding of Sekura.id’s technological infrastructure with Insight Assurance’s expertise in compliance and cybersecurity. This collaboration allowed the certification process to be both comprehensive and efficient, ensuring that Sekura.id met all necessary compliance standards.

As part of the certification process, Sekura.id’s Information Security Management System (ISMS) was rigorously tested and validated. The ISMS covers the entire scope of Sekura.id’s operations, including our API platform, SAFr, and associated services such as IT, support, finance, software engineering, and more. The successful implementation of the ISMS not only met the stringent requirements of the ISO 27001 standard but also resulted in zero nonconformities, highlighting Sekura.id’s dedication to excellence in information security.

What this certification means for Sekura.id and its clients

Achieving ISO 27001 certification is a significant step for Sekura.id, offering numerous benefits to both the company and its clients. For Sekura.id, the certification strengthens our competitive position in the market, particularly in the financial services sector, where regulatory compliance is paramount. The certification also enhances our reputation as a trusted partner in mobile intelligence, providing clients with the assurance that their data is handled with the highest levels of security.

For clients, partnering with an ISO 27001-certified company like Sekura.id means reduced risk and increased confidence in their business transactions. The certification demonstrates Sekura.id’s proactive approach to managing information security risks, ensuring that potential threats are identified and mitigated before they can impact operations. This level of assurance is particularly valuable in today’s industry, where data breaches and cyber threats are increasingly prevalent.

As we expand our operations, the robust ISMS developed during the certification process will be our foundation for ongoing security improvements, ensuring that Sekura.id remains compliant with evolving regulations and industry standards.

A compliment to Sekura.id’s organisational efficiency

The speed at which Sekura.id achieved ISO 27001 certification is a reflection of the company’s pre-existing secure processes and organisational efficiency. While the DTA programme provided the necessary tools and guidance, Sekura.id’s success would not have been possible without a strong foundation in information security. Our ability to integrate new security measures seamlessly into our operations is indicative of our commitment to maintaining the highest standards of data protection.

As Mario Vlieg, Manager ISO Services at Insight Assurance, noted, “Cognisys’ guidance of Sekura.id through the certification process was a prime example of how strategic partnerships can drive exceptional outcomes. It ensured a smooth, efficient journey, reflecting their commitment to excellence in cybersecurity compliance.”

Sekura.id’s achievement of ISO 27001 certification in just six weeks is not just a nice-to-have; it is a clear signal to the market that we are a trusted and reliable partner, capable of meeting the most stringent security requirements.

Sekura.id’s rapid certification journey demonstrates that with the right tools, partners, and organisational mindset, even the most ambitious security goals can be achieved efficiently and effectively. For our clients and partners, this achievement offers peace of mind, knowing that Sekura.id is fully equipped to protect their data and support their business objectives in a secure and compliant manner.