Silverstripe renews ISO 27001 certification, demonstrating commitment to information security

Hundreds of customers trust Silverstripe to look after their online presence. Whether it’s filling out the New Zealand census, helping your child choose what to study on the NZQA website or planning your next holiday, millions of people have interacted with Silverstripe’s creations. You can see some of our work on Silverstripe.com.

We take our responsibility to our customers and their users seriously. This means making sure that their website will be up and running when they expect it to be, that the data they entrust to us will be kept safe, and that Silverstripe will be there to support them no matter what.

To demonstrate our commitment to being a reliable supplier for our customers, three years ago, Silverstripe sought and achieved ISO 27001 certification. ISO 27001 is an international standard for managing information security. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).

We recently undertook an audit against the 2022 version of the standard, and have successfully achieved recertification.

Information security management isn’t only about technological concerns like encryption or firewalls. It covers all aspects of our work. This includes things like:

  • how we develop and host websites
  • keeping our offices secure from physical intrusion
  • educating our staff to look out for phishing attempts
  • controlling who can access our data and our customers’ data
  • planning how to recover from security incidents or disasters.

There’s been a lot of work behind the scenes to prepare for our recertification audit. To get ready for the audit, we:

  • identified risks
  • catalogued information assets
  • identified mitigations
  • prepared contingency plans
  • gathered evidence for the auditors.

These efforts have been coordinated by our Information Security Steering Committee (ISSC), led by our Information Security Manager. The ISSC establishes policies and supports all other business units in implementing them.

Silverstripe was fortunate to have support from some outstanding external security specialists. We’re very thankful for the expertise and guidance of:

  • Steven Webb from ResilientIT, who guided our effort as Information Security Manager
  • Garion Herman, who helped us as an independent security contractor.

This process affects all parts of Silverstripe, from the junior developers, who have to be familiar with secure coding standards, to our senior leadership team, which has to establish a business continuity plan in case of a disaster.

Ultimately, our commitment to information security is part of our wider goal to be a trusted partner for our customers and to support them in creating impactful digital experiences.

About the author
Maxime Rainville

Maxime is the CMS Squad Team Lead. The CMS Squad is the team inside Silverstripe that looks after Silverstripe CMS day-to-day.
