After months of hard work and rigorous testing, The Predictive Index is proud to announce we’ve received one of the world’s most widely recognized information security management certifications: ISO/IEC 27001.
Our initial certificate was issued on January 31, 2022 and remains valid until January 30, 2025. To view our initial certificate, click here. For more information, please visit our Trust Center.
What is ISO?
The International Organization for Standardization (ISO) is an independent, non-governmental body that develops international standards across fields ranging from science to manufacturing. These standards are intended to define and measure product quality, safety, and security.
According to the ISO, each standard is a “formula that describes the best way of doing something.” Standards are created by experts in each field who have a passion for improving quality and excellence.
ISO maintains tens of thousands of standards, each of which is widely recognized as authoritative.
What is ISO 27001?
ISO/IEC 27001 is the international standard for an information security management system (ISMS): the policies, risk assessments, controls, and review processes an organization uses to protect the information it handles. ISO 27001 certification isn’t required by government regulation. Instead, organizations voluntarily pursue certification to demonstrate to an independent auditor that their security program meets the standard.
Why does ISO 27001 certification matter?
Certification is evidence of assurance: clients can trust that we have documented, independently audited controls for protecting their data against theft and misuse.
It doesn’t mean a security breach could never happen. But just like a medical degree ensures your doctor meets high standards of training and professionalism, ISO 27001 certification attests that PI has rigorous, audited processes for preventing, detecting, and managing security incidents.
The certification also saves time for both PI and our clients. Our clients often submit security questionnaires, which require a manual response from our Customer Support team. This certification answers the questions most security questionnaires would ask, with the additional benefit of verification by a third party.
What are the requirements for ISO 27001 certification?
To receive ISO 27001 certification, PI first needed to implement the standard. Afterwards, our security program was subjected to a two-stage audit by an accredited certification body. Now that we’ve received certification, we’re subject to ongoing review.
Implementing the standard
First, we designed and developed a series of policies and standards mapped to the ISO 27001 controls. These standards include:
- Security Program Standards
- Secure Applications Standards
- Secure Systems Standards
- Business Continuity Standards
To ensure compliance with our new standards, we built a dedicated security team covering the following disciplines:
- Application Security
- Security Operations
- Governance, Regulation & Compliance
Two-stage audit
Stage 1
In Stage 1, the certification body’s auditors reviewed our documentation and interviewed employees, with two goals:
- Ensure our internal standards matched ISO standards.
- Ensure those internal standards were actually followed.
Stage 2
In Stage 2, PI underwent a more rigorous review. It wasn’t enough to have the right policies on paper: we had to prove our security processes were operating effectively by passing site inspections and control tests.
This review covered a variety of security evidence, such as:
- The presence and comprehensiveness of our Security Awareness Training.
- Penetration test results.
- Code review samples.
- Asset management procedures.
- Data anonymization procedures.
Ongoing review
We’re proud to say we’ve passed all tests and reviews, but certification doesn’t stop there. Every year our certification body will perform a surveillance audit to ensure we still meet the standard. Additionally, we must complete a full recertification audit in 2025, when the current certificate expires.
Where can I find PI’s ISO 27001 certification?
If you’d like to view a copy of the certificate, click here.
What if I have additional questions?
If you have additional questions about our security measures, we recommend contacting our Customer Service team.