Sistava

ISO 27001

Information Security Management

Our Approach to Information Security

ISO 27001 is the international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive information so that it remains secure, covering people, processes, and technology. Sistava is building its security program with ISO 27001 principles at its foundation. We are committed to achieving formal certification as our organization matures and scales.

What We Have in Place

We maintain documented security policies, conduct regular risk assessments, and implement controls aligned with ISO 27001 Annex A. Our development lifecycle includes security reviews, and our team follows secure coding practices. Access management, asset inventory, incident management, and business continuity planning are all part of our operational practice today, even before formal certification.

Certification Roadmap

ISO 27001 certification is on the roadmap alongside SOC 2. We plan to pursue it as we enter the enterprise market. This page will be updated with our certification status as we progress.

What This Means for Customers