Information Security

Are you SOC 2 or ISO-certified?

SharpSpring complies with ISO 27001 standards, but hasn't applied for official certification.

Every aspect of the web application architecture, product design, security mechanisms, and internal processes has been established in accordance with ISO/IEC 27001 specifications.

The application is hosted in ISO-certified data centers.

SharpSpring is also not SOC 2 certified; however, SharpSpring's cloud providers (where all data is hosted) are SOC 2 certified, and we are able to share those reports under NDA if required. Please reach out to us if that is needed.

Please read more on the SharpSpring Information Security overview page.

More information about ISO 27001

What is ISO 27001?

ISO/IEC 27001 is an international standard for regulating data security through a code of practice for information security management.

ISO/IEC 27001 consists of a set of standards covering different aspects of information security, including information security management systems, information technology, information security techniques, and information security requirements.

The latest standard is ISO/IEC 27001:2013, which was published in 2013.

Why is ISO 27001 important?

When a business is ISO/IEC 27001 certified, it is officially recognized for adhering to the highest internationally recognized information security standard, which among other things gives it additional selling points. Certification may also be required by some clients.

Are ISO 27001 and GDPR the same thing?

No, but if you are GDPR compliant you will by definition also adhere to the rules of ISO 27001.

ISO 27001 focuses only on the security part, while GDPR covers that and several more aspects. Having met the ISO criteria is therefore a step towards being GDPR compliant.

Note: You can't say that you are ISO 27001 certified if you haven't actually applied for certification, only that you comply with the standard.

How to apply to become ISO 27001 certified

It requires an external audit covering three security aspects (information confidentiality, information integrity and information availability), and certification can be granted only by an accredited certification body. It is valid for 3 years.

More information on implementation:

https://www.isaca.de/sites/default/files/isaca_2017_implementation_guideline_isoiec27001_screen.pdf

Certification Body:

https://www.iafcertsearch.org/search/certification-bodies

Other links:

Privacy compliance hub

Upguard.com


More info (internal to FunnelBud)

Related: GDPR