PI receives ISO-27001, a prominent information security certification

After months of hard work and rigorous testing, The Predictive Index is proud to announce we’ve received one of the world’s most prominent information security management certifications: ISO-27001.

Our initial certification was awarded on 01-31-2022 and will remain valid until 01-30-2025. To view our initial certificate, click here. For more information, please visit our Trust Center.

What is ISO?

The International Organization for Standardization (ISO) is an international body that develops worldwide standards across fields ranging from science to manufacturing. These standards are intended to promote and measure product excellence, safety, and security.

According to the ISO, each standard is a “formula that describes the best way of doing something.” Standards are created by experts in each field who have a passion for improving quality and excellence.

ISO maintains tens of thousands of standards, each of which is widely recognized as authoritative.

What is ISO-27001?

ISO-27001 is a common standard for ensuring data security in information technology. It isn’t required by government regulation. Instead, organizations voluntarily pursue certification to prove the excellence of their security standards.

Why does ISO-27001 certification matter?

Certification means safety: clients can trust their data won’t get stolen or misused. 

It doesn’t mean a security breach could never happen. But just like a medical degree ensures your doctor meets high standards of training and professionalism, ISO-27001 certification ensures PI has exceptional protocols for preventing and managing security breaches.

The certification also saves time for both PI and our clients. Our clients often submit security questionnaires, which require a manual response from our Customer Support team. This certification answers the questions most security questionnaires would ask, with the additional benefit of verification by a third party.

What are the requirements for ISO-27001 certification?

To receive ISO certification, PI first needed to implement the standard. Afterwards, our security protocols were subjected to a two-stage audit. Now that we’ve received certification, we’re subject to ongoing review.

Implementing the standard

First, we designed and developed a series of policies that aligned with ISO-27001 controls. These standards include:

  • Security Program Standards
  • Secure Applications Standards
  • Secure Systems Standards
  • Business Continuity Standards

To ensure compliance with our new standards, we developed a dedicated security team to cover the following disciplines:

  • Application Security
  • Security Operations
  • Governance Regulation & Compliance

Two-stage audit

Stage 1

In Stage 1, ISO reviewed our documentation and interviewed employees, with two goals:

  1. Ensure our internal standards matched ISO standards.
  2. Ensure those internal standards were actually followed.

Stage 2

In Stage 2, PI underwent a more rigorous review. It wasn’t enough to simply follow the rules: instead, we had to prove our security processes were robust by passing site inspections and control tests.

This review covered a variety of important security information, such as:

  1. The presence and comprehensiveness of our Security Awareness Training.
  2. Penetration test results.
  3. Code review samples.
  4. Asset management procedures.
  5. Data anonymization procedures.

Ongoing review

We’re proud to say we’ve passed all tests and reviews—but certification doesn’t stop there. Every year ISO will audit our security to ensure we still meet the standard. Additionally, we have to recertify in 2025.

Where can I find PI’s ISO-27001 certification?

If you’d like to view a copy of the certificate, click here.

What if I have additional questions?

If you have additional questions about our security measures, we recommend contacting our Customer Service team.
