All companies that hold and use employee and client data have a responsibility to keep that information from falling into the wrong hands. As an AI-driven HR technology company with over 500 employees and 300 customers worldwide, we treat information security as one of our highest priorities.
That’s why we are proud to announce we have achieved ISO/IEC 27001:2013 certification after meeting specific criteria for protecting and managing employee, customer, and partner information. The certification extends to every level of Phenom’s people, processes, and technology, including our infrastructure, human resources processes, and application security.
The ISO 27001:2013 certification badge tells all of our Phenom Talent Experience Management (TXM) platform users, colleagues, and partners that their information is protected by controls that have been independently audited against an international standard.
Here's why this certification matters and what goes into its qualifications.
Why Is This Certification Important?
The protection of information is essential to the day-to-day operation of any organization. ISO 27001:2013 certification helps a company keep confidential information secure and identify, reduce, and manage its risk exposure. It also gives customers independent assurance of how that company handles their data and adds credibility to its services and products.
This achievement is a testament to Phenom’s commitment to reducing security risks for its users and stakeholders. It is with great pleasure that we can now display the ISO certification badge so that employers, recruiters, CHROs, and HRIS practitioners can feel confident in their decision to partner with Phenom.
What Is ISO?
ISO, the International Organization for Standardization, is the largest independent, non-governmental developer of international standards, with member bodies in 164 countries, and it promotes proprietary, industrial, and commercial standards. (The short name ISO is the same in every language; it comes from the Greek word isos, meaning "equal", rather than being an acronym.) With over 20,000 standards, ISO covers quality management, energy management, food safety, and IT security, among many other areas.
What Is ISO/IEC 27001:2013 Certification?
ISO/IEC 27001:2013 is a globally recognized standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), together with a catalogue of security controls (Annex A) from which an organization selects and justifies the ones it applies. Developed jointly by ISO and the International Electrotechnical Commission (IEC), it can be certified against: an accredited external auditor verifies that the security of data and information has been addressed, implemented, and properly controlled across all areas of the organization.
Achieving and keeping the certification involves a three-stage external audit process:
- Stage 1: a preliminary, informal review of the ISMS that checks the existence and completeness of key documentation, such as the organization’s information security policy, Statement of Applicability, and Risk Treatment Plan.
- Stage 2: a detailed, formal compliance audit that tests and confirms the ISMS against the ISO/IEC 27001 requirements. After passing this stage, the ISMS is considered ISO/IEC 27001 certified.
- Ongoing surveillance: follow-up reviews and audits confirm that the company remains in compliance with the standard and that the ISMS continues to operate as intended. These re-assessment audits take place at least annually, and are often conducted more frequently while the ISMS is still maturing.
We are proud to have reached this security milestone, and we will continue to protect all of the information we are entrusted with.