YesWeHack’s Information Security Management System (ISMS) is now officially compliant with ISO/IEC 27017 – a globally recognised standard for cloud security controls.
The certification builds on our conformance, since 2022, with ISO/IEC 27001, the definitive standard for implementing an ISMS that enhances protections against cyber threats and vulnerabilities.
We are also delighted to announce that our Singapore office, opened in 2019, is now covered by these certifications. This means our entire ICT infrastructure and all global sites – also in Paris, Rennes and Rouen – are certified as compliant.
ISO/IEC 27017 comprises security controls that help organisations address the risks that may arise from their use or delivery of cloud-based services. This InfoSec framework provides cloud-based guidance on 37 controls detailed in ISO/IEC 27002, as well as seven new controls.
Compliance with ISO/IEC 27017 certifies that YesWeHack has successfully implemented advanced information security controls for cloud-based services, whether used internally or delivered to clients and hunters. It also demonstrates we can provide customers with the information and technical support necessary to meet their information security requirements, such as with our services’ shared responsibility model.
Our latest certification strengthens trust in our services – a foundational goal for YesWeHack – and helps customers achieve or maintain their own compliance with ISO/IEC 27017.
We achieved compliance with ISO/IEC 27017 following rigorous risk and compliance assessments, which enabled us to enhance our control framework, then an audit by a third-party certification body. Ongoing certification will be maintained via annual audits and renewed at least every three years.
Our latest certificates and statements of applicability for ISO/IEC 27001 and ISO/IEC 27017 can be provided on demand.
“Compliance with ISO/IEC 27017 is a major milestone that further bolsters our security posture and helps to vindicate the trust our customers place in us,” comments Gilles Yonnet, Chief Technology Officer (CTO) at YesWeHack. “But that’s not the end of the journey. Compliance, in line with our ethos, is a continuous process – requiring continuous vigilance, continuous evaluation and continuous improvement.”
Visit our Trust and Security page to find out more about how we strengthen our security and data privacy posture. It includes, among others, sections on GDPR compliance, state-of-the-art encryption, a secure-by-design model, a zero-trust network and a YesWeHack-focused Bug Bounty program.
In related news, we’ve also become a certified member of CREST. Stay tuned for another blog post next month explaining how our pentest services are compliant with stringent, best-practice security requirements.