UnaConnect Achieves ISO27001 Certification for Information Security Management System

UnaBiz is pleased to announce that it has successfully achieved the ISO 27001 certification for Information Security Management System of UnaConnect Data Platform. The certification is the 2nd accreditation the company achieved following its first ISO 9001:2015 certification for Design of IoT Product and Provider of Network Connectivity Solutions in 2019. 

What is ISO/IEC 27001?

ISO/IEC 27001 is an information security management system standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard is recognised globally as a benchmark for monitoring, reviewing, maintaining, and improving a company’s ISMS. UnaBiz is one of the very few players in the IoT ecosystem to achieve the certification.

What did we certify?

The software development, maintenance and operation of UnaConnect.

Why did we do it?

Security has been and still is among the top barriers for IoT adoption, along with high costs, lack of know-how, lack of standards and connectivity. While there are numerous IoT platforms in the market with great performing features, security considerations are often systematically left behind. UnaConnect is a data platform that aims to bridge the glaring gap between fragmented IoT data collection technologies and enterprise systems.

UnaBiz has been designing and building UnaConnect with Security at its core ever since its first developments. This certification highlights and recognizes UnaBiz’s commitment to meet and exceed the best-in-class security standards, to safeguard our customer’s data. 

“Our customers deal with sensitive data round the clock and ensuring cybersecurity compliance is crucial as any security breach can lead to significant financial losses, legal troubles, and not to mention loss of market share. In order to uphold stakeholder confidence, the company decided to take a proactive approach towards data protection and data integrity,” said Yadia Colindres, Deputy CTO of UnaBiz. 

How did we do it?

The company was certified after 6 months of extensive internal and external audits of its ISMS. The team underwent rigorous policies, procedures, and controls review across people, processes, and technology to manage risk and secure data assets. The certification is issued by the British Standards Institution (BSI), one of the world’s largest and most reputable certification bodies. 

What does this mean for our customers?

On top of monitoring devices, managing a huge volume of data and meeting interoperability requirements, customers who trust UnaBiz with their most sensitive data can now be assured that once their data enters the UnaConnect data platform, it is secured.

“Our customers can have more confidence than ever on the proper and secure management of their precious data by and within UnaConnect. Security should not be an afterthought, it is not an option.” says Philippe Chiu, CTO and Co-founder of UnaBiz.

What is next?

UnaBiz will continue to meet or exceed industry best practices to protect our customer’s data. “ISO 27001 certification is just the first step. As the security and compliance landscape evolves, more practices will be put in place for continuous reviews and enhancements. These practices will also govern the development of our new data services.” Yadia added. 

Endorsed by IMDA

Prior to achieving the ISO Certification, UnaConnect has also passed with 100% the Technical Evaluation of Singapore Government Agency Infocomm Media Development Authority (IMDA). The areas evaluated include; 

  • Functionality and Usability
  • Performance Efficiency, 
  • Reliability and Maintainability, 
  • Security – IM8 Security Policy* & OWASP Application Security Verification Standard**

*IM8 is a security management tool used by the Singapore Government to safeguard Infocomm Technology and Smart Systems (ICT and SS) assets.

**The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.