1Password is ISO 27001 certified — and more

By Megan Barker

We’re incredibly proud to announce that 1Password has achieved ISO 27001, 27017, 27018, and 27701 certifications.

While the building blocks for ISO certifications have been embedded in 1Password DNA for years, we’ll share the reason we pursued them now, what the certifications mean for us, and most importantly, what they mean for you and your organization.

What are ISO/IEC certifications?

The International Organization for Standardization (ISO) is a non-governmental organization that develops international standards for establishing, implementing, and maintaining services, systems, and processes.

ISO/IEC 27001:2022 is the world’s most recognized standard for information security management systems, and defines requirements for certification. Certified organizations – like 1Password – have proven they have designed controls that follow ISO best practices and principles, and can manage risks related to the security and privacy of information entrusted to them.

There are additional ISO standards and extensions to ISO 27001 that, when achieved, further reinforce a company’s ability to adhere to strict information security and privacy standards:

  • ISO/IEC 27017:2015 provides information security controls and implementation guidance for both cloud service providers and cloud service customers.

  • ISO/IEC 27018:2019 outlines controls related to protecting Personally Identifiable Information (PII) in those public cloud computing environments.

  • ISO/IEC 27701:2019 specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).

1Password has been certified to each one. And these certifications speak volumes. They confirm 1Password meets the highest international standards for information security and privacy. Today 1Password is the only enterprise password manager that has achieved ISO 27001, 27017, 27018, and 27701.

Why ISO 27001 and why now?

ISO sets the international standards for information security management, cloud security, and privacy. ISO 27001, specifically, is requested by prospective customers every single day. Many companies actually require their password manager to be ISO 27001 certified for compliance purposes.

1Password has been a trusted security, privacy, and compliance partner of the international business community for a long time, and we’re grateful for their loyalty. But it became clear ISO certification is something our community relies on, something it values.

As more customers, prospects, and partners asked us to pursue certification, we decided to listen. And so we embarked on the path to ISO 27001, 27017, 27018, and 27701 – toward the best version of 1Password.

What ISO 27001 certification means for 1Password

Secure by design and private by default, 1Password has a long history of meeting and exceeding your expectations and the standards set by various authorities. Our secure policies and practices have allowed us to obtain unqualified opinions during our SOC 2 Type 2 evaluations since 2018, indicating that our controls related to security and availability are designed and operating effectively. But this ISO certification journey gave us another reason to come together again to analyze 1Password at a holistic level.

Our path to certification involved numerous internal stakeholders – executive leadership, management, and subject matter experts from across the organization – who worked in tandem with third-party auditors to review our compliance with ISO-specific standards.

The review included an audit of our information security and privacy policies and processes. It further confirmed that 1Password is well positioned to protect against malicious activity by quickly and accurately detecting and addressing that activity. Overall, the audit confirmed that we’re clearly and consistently documenting and executing the best practices we established many years ago.

This certification is the result of many months of hard work by individuals and teams across our organization, demonstrating an intense dedication to the ISO standards and everything the certification represents for 1Password. That is to say, certification to ISO 27001, 27017, 27018, and 27701 means a great deal to 1Password, as well.

What ISO 27001 certification means for your organization

Our certifications mean you can continue (or start!) using 1Password knowing you’ll meet compliance requirements with an ISO-certified password manager and access management solution. And they say so much more.

The 1Password ISO certification is a sign of organizational and security maturity, and serves as evidence that we take the safety and privacy of your data incredibly seriously. It illustrates our ability to protect your company’s most valuable information.

1Password has always promised a security-first approach and the addition of these ISO certifications to our third-party assurance portfolio means it’s more than just a promise. An independent third-party auditor has observed our practices, policies, and processes and certified they’re up to or beyond industry standards. Whether it’s access control, confidentiality of information, or employee training, we have it covered.

Finally, our certifications represent our commitment to you and your business. It’s our investment in continuous improvement so we remain ISO certified and continue to demonstrate that your highest level of trust is well placed in 1Password.

And regardless of your geographic location and compliance requirements, that peace of mind is priceless.

Megan Barker - Security Scribbler
