Caveon is proud to announce that it has been awarded ISO 27001, Information Security Management certification. Beginning in May 2021, the 3,893-hour undertaking to design, implement, and audit Caveon’s ISMS ended on May 26, 2022.
The certificate was awarded on June 13, 2022, and can be inspected here. In addition to the ISO certification, Caveon Test Security completes a Soc 2 Type II audit each year.
The audit process consisted of a pre-assessment, an internal audit, and audit phases one and two. Those phases go through all policies, adherence to policies, implementation of protocols and systems, and alignment with standards.
“Implementing ISO 27001 was a rewarding and challenging experience all at the same time,” said David Holt, Caveon's IT Director. “It afforded the opportunity for the management team to review our existing policies and processes, implement new processes, and define meaningful metrics to measure the success of our ISMS. No stone was left unturned.”
“Achieving certification is an important milestone in our evolution as a cutting-edge SaSS provider,” said Steve Addicott, Caveon’s Chief Operating Officer. “It’s a crucial milestone in that our clients, some of the largest test programs in the world using our products and services internationally, can plan their growth knowing that Caveon has their data secured.”
We worked with BSI as our ISO auditing firm to benefit from their experience and expertise in the ISO standards.
We worked with Kirkpatrick Price as our ISO internal auditing firm, relying on their staff’s familiarity with the standards and extensive experience with auditing and auditing against the ISO 27001 standard.
