Image: the team that worked hard on the ISO 27001 Certification
It’s official; Betty Blocks is the only ISO 27001 certified no-code platform. And we don’t just mean our hosting provider; we mean where Betty Blocks is made, run and maintained, and we’re proud of it!
We know security is not optional. Our ISO 27001 certification confirms our information security capabilities and further strengthens our position as an enterprise-grade player. Our external auditor was exceptionally pleased: no non-critical non-conformities (and obviously, no critical ones either). Ergo: we passed cum laude!
Are high productivity tools in the aPaaS market underestimating cyber security?
Well, we can only say that we don’t. But cyber security includes even more. Compared to their low-code equivalents, no-code platforms drastically lower the chances of unauthorized access to systems and information and reduce other threats. Low-code means you can still generate code, which immediately increases the security risks since it’s prone to errors.
"Every process at Betty Blocks is carried out with data security in mind. This goes from software development, to locking laptops and maintaining our clean desk policy, so there will be no accidents." - Chris Obdam, CEO at Betty Blocks
Continuous improvement for maintaining the certification
ISO 27001 is a framework that applies to the entire company. It contains strict rules and regulations for every line of business, based on a Plan-Do-Check-Act methodology to manage the ISMS (Information Security Management System). This iterative process is designed to drive continuous improvement. The certification is a 3-year cycle, with audits in between to ensure we’re operating and maintaining the ISMS.
Among other things, the ISO 27001 framework includes chapters on:
Leadership & Commitment
Commitment to security must be driven from the top down. In an ideal world, security would be a board-level issue and discussed at each board meeting without exception. In reality, this is often not the case. Either way, top management must have oversight of and input into the requirements for the system, and be able to demonstrate this.
"The security framework/operation has allowed us to automate security protocols so we can work securely without being restricted."
- Daniel Willemse, CTO at Betty Blocks
To make sure everybody applies the set protocol, the 3-year certification cycle includes ‘in case of emergency practices’. These consist of unscheduled (for us) training exercises to see if we uphold all security protocols and ensure the integrity and availability of all Betty Blocks systems.
Transparency is key in trust building. Our security policy is available on request and we register all platform events on our publicly available status page, keeping track of history. But it’s not a one-way street: we’re doing this together with our customers. We’re asking for feedback on quality and security on an ongoing basis. Your input is appreciated (dare we say: required)!
If you have any questions regarding the ISO 27001 certification, or if you're curious what Betty Blocks can do for your organization, reach out right away!