Speaking the speak and strolling the stroll are two very various things. Within the digital world, there aren’t many matters which might be extra essential than safety, privateness, and compliance. They’re not one thing you need to brag about until you’re actually doing what it takes.
E mail on Acid and InboxReady by Sinch are proud to announce that we’ve taken steps to again up and show our dedication to offering prospects with a safe platform that focuses on knowledge privateness, together with GDPR compliance.
How’d we do it? Nice query. It entails some business audits and worldwide certifications that consider our safety packages, processes, and preparedness:
- ISO 27001 and ISO 27701
- SOC 2 Sort I audit
Regardless of who you’re employed with, these certifications and audits are an indication of a expertise associate you possibly can belief. To clarify precisely why, let’s take a more in-depth take a look at what goes into getting licensed in addition to passing safety and compliance audits.
What’s ISO 27001?
There’s a great likelihood you’ve heard of ISO requirements earlier than. The Worldwide Requirements Group is a world, non-governmental group that defines, develops, and publishes all kinds of requirements.
That would embrace sustainability requirements comparable to internet zero emissions. A reasonably well-known normal is ISO 9001, which certifies high quality administration processes.
ISO 27001 focuses on data safety requirements. We pursued and achieved this certification as a result of it exhibits competence and signifies {that a} dependable data safety program is in place. To be extra particular, ISO 27001 certifies the next:
- Prospects are being protected and knowledgeable by confidentiality, integrity, and the supply of assault knowledge.
- That our program aligns with greater than 140 controls to determine, examine, and act on potential safety incidents.
- That annual threat assessments are accomplished to make sure threats are dealt with correctly.
For us to earn an ISO 27001 certification, impartial auditors check our data safety program in opposition to all these controls. Meaning we have to clearly determine dangers, set clear aims on what must be achieved with data safety, and outline the safeguards and mitigation efforts that can deal with the dangers.
Plus, ISO 27001 requires that we present how we often measure our data safety controls and that we’re repeatedly working to enhance safety.
What’s ISO 27701?
ISO 27701 is in the identical household of certifications as ISO 27001. The primary distinction is that an ISO 27701 certification provides knowledge privateness into the combination together with data safety. An essential motive for that is to guage controls associated to the European Union’s Common Information Safety Regulation (GDPR).
Whereas ISO 27701 is just not a literal GDPR certification, it does present that E mail on Acid and InboxReady have a privateness program in place that meets related necessities to the regulation – and that we’re frequently working to enhance knowledge privateness.
Information privateness is essential on the planet of electronic mail. As a buyer or person, not solely would you like your personally identifiable data (PII) protected, however you additionally want to guard the info of your prospects and subscribers. That features their electronic mail addresses.
Dan Ross leads the staff chargeable for a lot of this and works straight with the auditors. He understands why GDPR is such a giant deal to electronic mail senders.
“GDPR is understood by most to be essentially the most complete privateness legislation on the planet. Our merchandise abide by this privateness legislation, and mixed with our ISO 27701, Privateness Coverage, and Information Processing Settlement, our prospects can ensure that their knowledge is handled appropriately.”
~ Dan Ross, Sr. Supervisor, Governance, Threat, and Compliance (GRC)
Regardless that GDPR solely applies to the private knowledge of EU residents, all Sinch E mail manufacturers deal with knowledge the identical method. This implies everyone seems to be protected, and it helps put together our platforms and our prospects for future laws, such because the proposed American Information Privateness and Safety Act (ADPPA).
The ISO 27701 certification is essential as a result of, as an electronic mail sender, you could discover GDPR-compliant expertise companions. That is the proof.
What’s a SOC 2 Sort I audit?
The phrase “audit” by no means actually feels like enjoyable, does it? Dan Ross can affirm that, when our manufacturers bear these audits, it will get intense and entails some very lengthy days.
A SOC 2 Sort I audit occurs yearly. It’s a extremely regulated audit, which ends up in a report that gives an expert opinion on the effectiveness of round 400 controls. (That’s quite a bit.) With SOC 2 Sort I, auditors rigorously check these operational, safety, availability, and confidentiality controls at a particular time limit.
There’s additionally a SOC 2 Sort II report, which follows the identical controls, however takes place over a 12-month interval quite than one time limit. Our sister manufacturers, Mailgun and Mailjet, have already handed the SOC 2 Sort II audit. In 2023, we’re working to attain this for all Sinch E mail merchandise, together with E mail on Acid and InboxReady.
Throughout a SOC 2 audit, the impartial auditors will check issues comparable to whether or not we’ve offered cybersecurity coaching to our staff. They’ll additionally discover out if we’re testing product code adjustments for safety vulnerabilities earlier than we push them dwell to our platforms.
What does all this imply to you?
Cybersecurity and knowledge privateness compliance can get sophisticated – and truthfully – a bit of bit scary too. We pursue these stories and certifications and make them obtainable as a result of we would like our prospects to have peace of thoughts.
While you work with E mail on Acid, InboxReady, or any of the Sinch E mail options, you possibly can relaxation straightforward and know that you would be able to belief us. We don’t simply inform prospects and prospects that we’re safe and compliant. We get our packages examined so that you may be assured we imply what we are saying.
When you’d prefer to study extra about our ISO certifications or the outcomes of our SOC 2 Sort I audit, you possibly can request and obtain documentation on the Mailgun Safety Portal. There, you’ll discover a ton of knowledge that might be particularly useful for these evaluating us as a possible expertise associate.
Discover out extra about electronic mail safety
Concerned with studying extra about cybersecurity and electronic mail? Our buddies and colleagues at Mailgun by Sinch printed a complete information you possibly can obtain totally free. You’ll uncover:
- How the e-mail menace panorama is consistently altering and the way it impacts your organization.
- Recommendation on easy methods to adjust to privateness rules comparable to GDPR, HIPAA, and the CCPA.
- Why electronic mail authentication is essential to defending your subscribers and your model.
- Steering on selecting expertise companions who take safety and privateness critically.
Head over to Mailgun.com and get your copy of The Mailgun information to electronic mail safety and compliance.
Creator: The E mail on Acid Crew
The E mail on Acid content material staff is made up of digital entrepreneurs, content material creators, and straight-up electronic mail geeks.
Join with us on LinkedIn, observe us on Fb, and tweet at @EmailonAcid on Twitter for extra candy stuff and nice convos on electronic mail advertising.
Creator: The E mail on Acid Crew
The E mail on Acid content material staff is made up of digital entrepreneurs, content material creators, and straight-up electronic mail geeks.
Join with us on LinkedIn, observe us on Fb, and tweet at @EmailonAcid on Twitter for extra candy stuff and nice convos on electronic mail advertising.
