Everyone desires safety, particularly concerning financial data. This responsibility escalates significantly in international scenarios, since businesses must comply with the rules and laws of different countries and regions. The International Organization for Standardization (ISO) tackles this issue by developing standards for organizations worldwide.
ISO certifications span quality management, environmental standards and, notably, information security. When it comes to financial security, we must focus on ISO 27001 and ISO 27701, which establish guidelines for safeguarding the privacy and security of personal and financial data.
ISMS: ISO 27001
This certification provides a systematic and risk-based approach to managing sensitive information. It outlines the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within an organization. Adopting ISO 27001 can ensure the confidentiality, integrity, and availability of the information, prevent unauthorized access, avoid data breaches, and manage other security-related risks.
PIMS: ISO 27701
On the other hand, ISO 27701 focuses on establishing and enhancing a privacy information management system (PIMS). This certification helps organizations manage privacy risks related to the processing of personal data, supporting compliance with regulations such as the General Data Protection Regulation (GDPR) and, as a result, protecting individuals' privacy rights.
Data security and privacy
Because Yuno's core values are security and privacy, our Security team identified and implemented control points in both our ISMS and PIMS. This endeavor focused on meeting the 93 control points of ISO 27001:2022 and extending them to comply with the requirements outlined in ISO 27701:2019. These two certifications confirm Yuno's commitment to safeguarding data security and privacy in its roles as both Data Controller and Data Processor.
How does Yuno ensure your security?
- Initial evaluation
Before starting the certification process, we assessed our initial security and privacy situation. Our security team conducted a detailed analysis of potential risks and vulnerabilities affecting data confidentiality, integrity, availability, and privacy.
In order to achieve compliance with regulations like the GDPR, LGPD, Colombia's Law 1581 of 2012, and Mexico's LFPDPPP, we identified critical assets and sensitive data flows. Finally, as our commitment to our clients demands, we studied our stakeholders' expectations to meet their security and privacy needs.
- Management system development
With PCI DSS Level 1 version 4.0 certification, Yuno had a strong security foundation. This facilitated implementing ISO 27001 and ISO 27701 requirements across our organization. Thus, our main focus was on optimizing the synergy between existing and new certifications, ensuring comprehensive management of information security and privacy.
- Training and awareness
In order to gain the knowledge necessary for effective implementation of ISO 27001 and ISO 27701, our security team obtained specialized training and certification to understand the control points and requirements thoroughly. Additionally, we developed self-learning materials and awareness programs for all departments, fostering a strong organizational culture around data security and privacy.
- Internal and external audits
We performed internal audits, gap analyses and specialized consultations to identify improvement opportunities and resolve potential nonconformities. This proactive approach strengthened our management system and prepared us for the rigorous certification process.
After addressing internal audit findings, we proceeded with the external audit by an accredited certification body. An external auditor assessed our compliance with ISO 27001 and ISO 27701 requirements. Through this process, we received valuable feedback and recommendations to continually improve our management system.
- Addressing non-conformities
After the first audit phase, Yuno's security team and the other teams involved corrected any potential nonconformities and implemented improvements with 15 days to spare before the start of the second audit phase. Quick action and collaboration were crucial for successfully preparing our management system for the second audit phase, demonstrating our commitment to these processes and to continuous improvement.
Certifications achievement
Achieving ISO 27001 and ISO 27701 certification represents our deep commitment to information security and privacy protection. This accomplishment marks the culmination of an intensive, collaborative process that involved meticulous planning, rigorous implementation, and thorough evaluation.
The entire Yuno team worked together tirelessly, demonstrating exceptional dedication to meeting these high standards. We celebrate this milestone and pledge to uphold the trust of our clients and stakeholders with every update.
Continuous improvement
With these certifications achieved, our commitment to continuous improvement strengthens. We recognize that information security and privacy protection are dynamic processes requiring constant vigilance and adaptation. Therefore, we have a continuous improvement cycle that includes regular system evaluation and implementation of corrective and preventive actions.
We are committed to learning from experiences, leveraging audit feedback, and staying updated on best practices and new trends in information security and privacy, ensuring we continue to meet the highest standards.