PortlandLabs is pleased to announce that PortlandLabs is now ISO/IEC 27001:2013 certified!
The scope of our certification includes:
All PortlandLabs products including concrete5 from version 8.5.1 and Liberta Server
All PortlandLabs services
All PortlandLabs departments
All individuals performing work for PortlandLabs (employees, temporary employees, contractors, consultants) whether working from a remote location or from PortlandLabs’ facilities.
This certification demonstrates PortlandLabs’ continued commitment to information security at every level and ensures that the security of our client’s data and information has been addressed, implemented, and properly controlled in all areas of our organization.
What does this mean for users of concrete5? At the moment you download concrete5 8.5.1 (or higher), your content management system is ISO 27001:2013 certified. What you do with it after you download it is crucial. If your company is ISO 27001:2013 certified and changes made to your sites which use concrete5 are made according to your ISO approved change management processes, then your sites should be ISO 27001 certified as long as they are hosted on ISO 27001 certified servers. Just ensure that security patches released by PortlandLabs for concrete5 are installed in a timely manner!
Maintaining any certification you have just became easier. For companies that are also ISO 27001:2001 certified, you can now leverage PortlandLabs’ ISO 27001 certification for concrete5, Liberta Server and/or services for your own ISO certification by providing PortlandLab’s ISO certificate to your own auditors. Likewise for companies with SOC 2 compliance, your required annual vetting of external products and services will be a breeze for either concrete5, Liberta Server, and/or PortlandLabs’ provided services.
Using an ISO 27001 certified version of concrete5 gives all users the assurance that your CMS is developed according to software development best practices which also include security reviews and independently performed penetration testing. PortlandLabs’ security program also includes steps to ensure that any open source code incorporated into concrete5 does not impact the MIT “do anything but don’t sue us” license that all concrete5 users leverage.
What does this mean for users of Liberta Server? Being ISO 27001 certified means that Liberta Server is robust with availability designed in so it will be there for your deployment needs when you need it. It means that PortlandLabs has tested backups as well as a tested business continuity (disaster recovery) program. You can be confident that you can access your data when you need it.
Being ISO 27001:2013 certified means that Liberta Server has been audited that it protects your data’s integrity and your data’s confidentiality. When PortlandLabs’ clients’ access their data, they can be confident it is the same data that they originally transmitted and stored. PortlandLabs’ clients can rest easy knowing that their data can be accessed only by those authorized to access it and that the principle of least privilege has been incorporated into Liberta Server’s design.
“This is a great accomplishment for our team” says PortlandLabs CEO Franz Maruna. “Decades of learning from a wide array of clients and their web DevOps processes have informed our own best practices. When it comes to keeping a complicated digital presence safe and nimble, we’ve seen it all. It’s great to have this first independent certification.”
Companies engaging PortlandLabs to perform work for them can now be assured that all personnel working on their projects, whether full time employees or other, have been audited to be both trustworthy and competent.
Maintaining compliance with this internationally recognized standard is an ongoing process. All future concrete5 and Liberta Server patches and releases will produced according to ISO 27002 best practices to maintain the benefits that PortlandLabs’ ISO 27001:2013 certification provides to PortlandLabs’ clients as well as to the entire concrete5 community.