ISO 27001 certification

Optimizely Campaign's safety management

The ISO/IEC 27001:2013 certification by TÜV Süd gives you as a user the guarantee that Optimizely's safety management for the operation, service and development of its email marketing platform complies with internationally recognized standards for data and information security.

In external, multi-stage audits, the processes needed to set up, implement, execute, control, maintain and optimize information security are evaluated.

In addition to the evaluation of the technical and organizational processes, the handling of information within the company was scrutinized, because human error has to be taken into account and guarded against.

Your advantages

The internationally recognized certification for information systems according to ISO/IEC 27001:2013 gives you safety and comparability with other systems when choosing the email marketing service provider that suits you best. With this certification, you can be sure that your data is hosted, stored and protected against unauthorized access at Optimizely according to defined, approved standards. The certification also covers the operation and support of Optimizely's dispatch infrastructure. In these aspects, Optimizely Campaign scores with a highly available, fail-safe and powerful system.

What does ISO/IEC 27001:2013 mean?

ISO/IEC 27001:2013 is a standard for an information security management system that checks and evaluates the following areas and assets:

  1. Information security management. Information security management evaluates the processes, their functionality and the infrastructure of Optimizely Campaign by identifying possible threats, risk handling and responsibilities. It represents the current state and serves as a base for the PDCA guidelines for continuous improvement of information security.
  2. PDCA guidelines for continuous improvement of information security. These guidelines for the Plan-Do-Check-Act process define in four phases the suitable measures to determine and evaluate information security; the measures to be implemented and realized; how these measures and their effectiveness can be verified constantly; and finally how these measures can be maintained, improved and fixed during operation.
  3. Inventory sheet. Assets of the company are registered here. Each asset is evaluated regarding its priority for information security. Next, a procedure directory is created, which contains and describes all processes related to this asset.
  4. Risk measure matrix. In this matrix, all implemented security measures are correlated to a concrete risk. With this matrix, the remaining risk can be determined, which ensures that only a minimal, acceptable remaining risk occurs at any time in any process.
  5. Compliance. This aspect ensures that all processes are defined within legal limits and in compliance with the standards set by the legislature.

Who certifies all this and how is the process conducted?

The certification is a multi-stage process and is executed by an external service provider. The certification of Optimizely Campaign was executed by TÜV Süd. The certification process involves the following steps and phases:

  1. Assessment for certifiability. Done prior to the actual certification.
  2. Certification audits by TÜV Süd. Multi-stage audits in all security-relevant areas and divisions of the company.
  3. Verification audits. Yearly audits, which guarantee compliance with all standards. These audits also verify that the information security management is being improved and developed further. This is a requirement for the certification.
  4. Recertification. Every three years, the certification is renewed in an audit similar to the certification audit (see number 2).