Spotlight Reporting is proud to be ISO 27001 Certified. As an international standard to manage information security, this widely known certification is a clear way we can highlight our high level of security as we continue to evolve and grow. It’s a big milestone - one that recognises our top-tier security standards and commitment to keeping our customers safe.
What is ISO 27001 and how does it work?
The certification is designed to provide a control measure for IT and data security, to ensure those seeking solutions and services can rest assured they’re in safe hands.
While each auditor will test slightly different controls within an organisation, overall the standard is based on the same areas that pose potential risk within an information security management system (ISMS). Each time the certification is delivered, it’s tailored to the organisation in question to ensure the same level of stringency is upheld.
Looking specifically at ISMSs, the standard outlines best practices for data protection and cyber resilience. It thoroughly and rigidly considers the scoped area, be that the entire organisation or one department. This particular certification is also known to adapt to the ever-changing world of technology, ensuring it’s fit for our modern world.
How did Spotlight Reporting achieve its certification?
The audit process was broken down into three main stages: an informal review of our ISMS, a more detailed and formal compliance audit including intensive testing, and follow-up reviews or audits to make sure our security practices are ongoing and compliant.
Throughout the process, Spotlight Reporting’s ISMS was systematically and thoroughly examined for information security risks, including any threats, vulnerabilities and impacts. We were also audited on our implementation of coherent and comprehensive cybersecurity measures that successfully mitigate potential risks. And finally, we were tested on our overarching management process that underpins our security systems and processes.
Protecting your data is our top priority
At Spotlight Reporting, we have long understood the importance of establishing and maintaining healthy cybersecurity measures, especially as our systems and solutions are trusted with important and sensitive data and information.
At present, we’ve been trusted to take care of thousands of the world’s most innovative accounting firms, trusted advisors, and businesses, as they work across different geographies, currencies and integrated systems.
When it comes to our software, we’ve implemented several core practices to uphold the integrity of our security. This includes the following:
- Users are governed by admin control
- Data is encrypted in transit and at rest
- Users own and control all of their data
- A Spotlight Reporting account is accessed with two-step authentication
- 24/7 monitoring ensures threats are caught around the clock
- GDPR standards are complied with
- Failover databases store regular backups
- Physical access to Spotlight Reporting data centres is strictly controlled
To download our ISO 27001 certification or to find out more about our key security features, click here.