What You Need to Know About the ISO/IEC 27001 Certification

The security of its customers' highly confidential information and data is DiliTrust Data Room's top priority. This is why the solution is ISO/IEC 27001 certified. But what exactly does this information security standard cover?

ISO/IEC 27001 Certification: What You Need to Know

The ISO/IEC 27001 standard was first published in October 2005 and revised in 2013. It is the most widely recognized international information security standard, and it applies to all types of organisations, from commercial companies to public administrations. It superseded BS 7799-2, a standard of the British Standards Institution (BSI) Group, a body whose activities span standardization, certification, training and conformity assessment.

What is most important to understand about ISO/IEC 27001 is that it approaches information security through risk management. To that end, it defines the requirements for implementing an Information Security Management System (ISMS). Its objective is to protect business functions and information from loss, theft or alteration, and to protect information systems from intrusion or disaster. Certification has thus become a mark of trust and a major differentiating asset for the companies that hold it. This is the case with DiliTrust Data Room.


The Information Security Management System, or ISMS, sets out a global framework that is organisational as well as technical, bringing together the information systems, the processes and the key people involved in the protection measures. ISO/IEC 27001 certification verifies, against defined control points, that this ISMS framework is effective, and that it is actually operated and kept up to date rather than merely documented.

Each identified risk is rated by combining the likelihood that it will occur with its impact when it does. This rating lets the company's management choose the appropriate treatment for each risk: reduce it, avoid it, share it (for example through insurance or a supplier) or accept it. The selected security controls are then recorded in a mandatory document, the Statement of Applicability (also called the declaration of applicability), which states for each control whether it is applied and why. Together with these treatment decisions, it completes the Risk Treatment Plan.


This certification runs in three-year cycles. During each cycle, an independent certification body conducts an initial certification audit followed by two annual surveillance audits; each subsequent cycle begins with a recertification audit. These certification bodies are themselves accredited against ISO/IEC 27006. Their role is to check that deviations and non-conformities are properly handled, that planned activities are actually progressing, and that the ISMS is sustainable over the long term.

In other words, a company wishing to have its ISMS certified has a strong interest in accurate and continuous monitoring, not only of its risks but also of the security measures it has selected. This implies a process of continuous improvement of security, raising its level and tightening risk control, and also scaling back measures that turn out to be of secondary value.


DiliTrust Data Room is entrusted by its customers with strategic information. This requires a high level of security, which is why DiliTrust Data Room is ISO/IEC 27001 certified: its ISMS meets the technical requirements as well as the management, maintenance and continuous improvement requirements of the standard. Security measures include encryption of data both in transit and at rest, the use of a Hardware Security Module (HSM), regular audits and a strong, demanding security policy. They also include internal security audits, code reviews, systematic testing before each new feature is released to production, and automated daily intrusion tests. DiliTrust Data Room servers are additionally audited once or twice a year by an external IT security organization. On the customer side, each user is identified by a user name and a strong password, and their data is systematically encrypted: data in transit is protected with the TLS protocol using 256-bit encryption.