OutSystems, provider of low-code application development platform, announced that it is the first low-code vendor to achieve two new cloud security certifications – ISO 27017 and ISO 27018.
As organisations develop, run and share a higher percentage of their applications on the cloud, stakeholders across the business are trusting platform providers to ensure their cloud-based environments are secure. These certifications demonstrate the high level of commitment OutSystems has to ensuring the privacy and protection of its customers’ data in the cloud.
Stringent controls to protect customers’ data
We’ve built 200 points of security into our platform and taken steps to validate our cloud security practices" “OutSystems customers deserve to know that the data and information they entrust us with is being protected using the most stringent controls in the industry,” said Jose Casinha, OutSystems Chief Security Officer.
“We take our role as caretakers of information seriously. That’s why we’ve built 200 points of security into our platform and taken steps to validate our cloud security practices through the most rigorous certification processes.”
Adding the two new certifications extends the OutSystems record of achieving the highest levels of compliance for the protection of customers’ mission-critical assets. The company’s SOC 2 Level II certification combined with the achievement of ISO 27001 and ISO 22301 certifications establishes OutSystems as meeting the five Trust Services Principles –providing Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Protection of information in cloud services
Complimenting this, ISO 27018 outlines requirements for the protection and privacy of user data in the cloudISO 27017 and ISO 27018 builds on the principles of the ISO 27001 standard, which provides a checklist of controls for a company’s establishment, operation and maintenance of an information security management system.
ISO 27017 focusses on the protection of the information in cloud services. It extends to cloud computing providers’ controls in earlier compliance standards that govern information management and sharing by IT vendors.
Complimenting this, ISO 27018 outlines requirements for the protection and privacy of user data in the cloud. It provides a code of practice for protecting personally identifiable information (PII) in the cloud, which was adopted by the International Organisation for Standardisation (ISO).