We're ISO27001: 2017 certified!
In these modern times, where digital products are used day to day and digital threats are widespread, a digital product studio cannot do without adequate security controls if it is to deliver trustworthy products. One of our goals at In The Pocket is to deliver trustworthy, secure and reliable products to all our clients.
Because we wanted to put these nice words into action, we spent the last months becoming ISO27001: 2017 certified. An ambitious project, but we managed to achieve our goal!
What is ISO27001?
ISO27001 is globally recognized as the standard for Information Security defined by the International Organization for Standardization (ISO). ISO27001 is a framework for creating and implementing an Information Security Management System (ISMS). This ISMS includes all policies, processes and procedures related to Information Security.
In practice it comes down to starting by appointing people responsible for security and getting management to support the need for a proper information security framework, which was easy to achieve at In The Pocket as we understand the need for security. After this, we established the context, scope and objectives for our ISMS, and conducted a risk assessment to get an overview of our current risks and their potential impact.
Once the risks were clear, we started implementing controls to mitigate these risks and improve our security. In development we believe in a ‘security-by-design’ principle, and a proper security implementation should be part of every product we build. That is why we developed a strong Secure Software Development Lifecycle (including OWASP Top 10, OWASP Application Verification Standards, Threat Modelling…). Aside from this, we invested in information classification, improved password guidelines, incident response, business continuity, disaster recovery…
Another big part of improving our security is training people - every person working in information security knows that people are one of the highest risks in information security. By taking time to train everyone at In The Pocket we let people act as a frontline defense against several cybersecurity issues like phishing, malware, security leaks or possible data disclosure.
But why?
At In The Pocket we build digital products that you can trust. When a contractor starts building a house or a bridge, he needs to verify that he has the knowledge to build it. When you want to create a digital product, you don’t need any proof that you can build what you say, but we believe we should be able to show our competence.
Aside from this, investing in information security is becoming more and more important. In 2018 we had the introduction of the GDPR, and cybercrime’s yearly revenue has hit $1,5 trillion (and this number is rising as cybercrime is growing worldwide).
So when we start creating digital products, we want to deliver something that can be trusted. The end-user should feel safe about his data and the infrastructure the platform is running on.