From the early days, Algolia has made information security and privacy not just a priority, but a point of pride. We have a highly specialized team that is entirely dedicated to security, our servers are located in data centers that follow the highest industry security standards, and our infrastructure is protected by multilayer access control. We run continuous security testing through a public bounty program and regular pen tests, and are SOC 2 certified.
To this list of accomplishments, today we proudly add the ISO/IEC 27001 and ISO/IEC 27017 certifications.
What are ISO 27000 certifications?
Handling our customers’ data and our company’s data is at the core of our business. For this reason, we adhere to a series of information security standards that govern how we navigate our environment, our requirements and our restrictions.
ISO 27000 is an internationally recognized family of standards outlining best practices for managing information security and privacy.
More specifically, ISO 27001 helps organizations manage the security of services, data, intellectual property or any information entrusted by a third party. It formally specifies an Information Security Management System (ISMS): a set of defined policies, processes, and systems to manage organizational data.
The ISO/IEC 27017:2015 code of practice is designed for organizations to use as a reference for selecting and implementing cloud services information security controls, and addresses cloud-specific information security threats and risks. For example, it defines and regulates:
- Shared roles and responsibilities within a cloud computing environment
- Protection and separation of a customer’s virtual environment from that of other customers
- Virtual machine hardening requirements to meet business needs
- Procedures for administrative operations of a cloud computing environment
- Enabling customers to monitor relevant activities within a cloud computing environment
- Alignment of security management for virtual and physical networks
- Removal and return of cloud service customer assets upon contract termination
What this means for our customers
According to Forbes, the annual global cost of cybercrime is expected to exceed $6 trillion by 2021, rendering the safety of sensitive consumer and company information a critical business topic. We believe keeping that information safe is an important part of the value we provide to our customers. Companies that choose to build their own search solution must also implement their own security practices, and there have been many examples of data security breaches where companies have not done this well enough.
Simply put, we want your data to be as safe as possible. Incorporating these latest security standards is particularly valuable to large enterprises that process and handle large volumes of personally identifiable information, such as banks, healthcare and e-commerce companies, but it will benefit companies of all sizes and industries.
As always, don’t hesitate to ask us any question on this or other security topics: firstname.lastname@example.org.